We recently integrated Marketo with OneLogin, our SSO provider. In our org, OneLogin is currently integrated with a number of other applications like Salesforce, Workday, Lever, etc.
However, if the user is not logged in to Marketo and is sent a deep link to an asset within Marketo (e.g. a specific link to a campaign, program, smart list, etc), when the user clicks on the link, he or she is taken to Marketo's login page and is unable to sign-on with his or her own credentials. The ideal behavior is that Marketo would redirect back to OneLogin as opposed to their own form. The current setup is a terrible user experience and unique to Marketo; all other applications listed above (including Salesforce) redirects the user back to OneLogin, which then allows them to access the deep link. According to Marketo's own engineers and documentations, they are unable to redirect the user back to OneLogin because Marketo does not support SP-initiated authentication.
Please support this type of authentication and catch up with your peers.
.png)