Best practice for SSO sign-in to application – Embedded or external window?


We're currently in the middle of redesigning our agent app and we're wondering what the best practice is for signing in to the agent using SSO.

The main flows we found are:

  1. External browser window where the user should choose his account and continue back to the agent.
    Advantage: The information is stored in the browser so the user just needs to choose his account.
    Disadvantage: The user must interact with another screen in order to complete the sign-in flow.
  2. The whole flow is embedded inside the agent.
    Advantage: The user interacts with the flow inside one screen "step by step".
    Disadvantage: The user must sign in to his SSO for the first time through the agent because the agent didn't store his information cookies.


Example of the first flow, Slack:


Step 1: Click the "Sign in to Slack" button.

Step 2: A new browser page opens; the user should click the "Continue with Google" button to sign in via SSO (or use the sign-in fields).

Step 3: Another "small" page opens where the user should choose the relevant account and sign in.

Thank you very much.