SP-Initiated SSO is a login flow where the authentication process starts at the Service Provider (SP) — meaning, the user goes to the application first (like Google Workspace, Salesforce, Dropbox, etc.), not to the Identity Provider (like JumpCloud).
User workflow for SP initiated SSO:
User accesses the SP application from the SP application's login page.
The SP login page provides a special SSO option, either through:
A dedicated SSO link, or
An adaptive username field that detects SSO authentication (this varies by SP).
The SP redirects the user to JumpCloud for authentication.
User enters their JumpCloud credentials on the JumpCloud login page.
Once authentication is successful, the user is redirected back to the SP application.
User is automatically logged in to the SP application.
Note: SP-initiated SSO isn’t supported by all SP applications.