Thanks Neveda. We're looking into this, but if any other customers have the same feedback please go ahead and upvote/comment on this request!

+1: IdP-initiated SSO is not super convenient for our users, but we require Okta for most services. Much more convenient/intuitive for users to initiate sign-in via the service they're signing in to.

+1

Not having the option creates confusion for users, since they try to login through Google authentication and are met with "User not found" message.

Another quick note here is that after a period of inactivity, Fivetran presents a misleading login page, requesting users to log in again, even their account requires SAML login initiated by an identity provider. This causes additional confusion for users who are told by Fivetran to log in, only to be told to log out and log in again in a different system.

Ken Hurst-Brodie Thanks for the feedback. I have good news, we're actively working on enabling SSO login from the Fivetran login page. Here's the prototype of what we're planning, would love your thoughts! I'm expecting this to be ready to release in May. 

Hi Andrew Morse. Thanks for that udpate! From the Figma slides, it's not clear that this would address the issue here.

The underlying problem is that SAML login for Fivetran currently only works when initiated by an identity provider (like Okta). So when the sign-in page presents the Google SSO option, there's no indication to the user that it *cannot* work for their account. Their login will just direct to a page instructing them to log back out and in again through the identity provider.

The requested solution is to let SAML users log in directly at Fivetran, rather than first going to their identity provider. This is also helpful for direct links to a dashboard or other page behind auth. Those currently don't work for SAML users who aren't already logged in, since login can only currently be initiated outside of Fivetran.

Here's an example of how the process currently works for SAML users:

So even after a successful login, there's still nothing the user can do, other than log out. But I'm not sure from the Figma diagrams whether this new feature addresses the issue of SAML login initiated by Fivetran.

Thanks again for your update!

Ken Hurst-Brodie - Just to make sure we're looking at the same thing, I put together this short video of the design. This mock would allow the user to initiate login via Fivetran even with SAML. As for your comments on OAuth, we are also enhancing this user experience so in the case where their login method doesn't grant access to an account they can easily click one of the destination and we will send them through the right authentication flow for that specific account. 

If there are still questions or concerns, let me know and I'll setup time for us to chat.

Oh, awesome! Thanks for that video and update Andrew Morse!