IdP-Initiated SAML allows users to click a button within the SAML provider's dashboard which will then launch the Aqua Wave application. Aqua Wave does not have native support for IdP-initiated SAML, however we do have a simple workaround.



Aqua Wave's SSO signin page allows you to pass a connection name that is unique for your company's application. Using this link, you can create a "bookmark" application within your SAML provider. This feature is supported by most provider's including Okta and OneLogin.

When IdP-initiated SAML is performed (and not supported) you may see an error like the below:

This often occurs because Aqua Wave does not support this type of access. Instead, you need to either use the login direct link (e.g. or use the bookmark process described below.

Setup Process

The setup will consist of the following:

  1. A standard SAML 2.0 application configured using the setup defined here.
  2. A second, "bookmark" application that will send users to the /sso entrypoint which will kick users back into the first application's SAML flow.

To configure this flow, please follow these steps:

  1. Create the first application by following the onboarding steps and working with Aqua Wave support.
  2. Ensure you can login via the standard SAML page:
  3. Once you've verified that you can, ask Aqua Wave Support for your unique login link. We will provide a /sso URL with a parameter specific to your organization that will direct your users directly to your SAML provider login without having to type their email addresses.
  4. Create a new "bookmark" application and paste the provided link.
  5. When users click the bookmark application from within the provider dashboard, they will be redirected to the custom Aqua Wave /sso endpoint which will then initiate the SAML flow.
  6. Optionally, you can hide the first application from the provider dashboard so users can only click the bookmark application.

If you have any questions, please contact support.