App intent links

After you upgrade to Identity Engine, learn about the changes to app intent links.

Change summary Classic Engine: When unauthenticated users attempt to access an app, they’re redirected to a centralized sign-in page before the request is assessed for rate limiting. After the session is established and the request is processed, the app intent link endpoint validates that the user is assigned to the app. Then, it enforces the app sign-on policy.

Identity Engine: Unauthenticated users aren't forwarded to a centralized sign-in page. Instead, the app intent link hosts the Sign-In Widget for the app that the user is attempting to access. It evaluates the global session policy, authentication policy, and all other policies relevant to the sign-in experience.

Admin experience n/a
User experience Because each app intent link is responsible for hosting the sign-in experience on Identity Engine, they share a common rate limit group. This is similar to what exists for the centralized sign-in page on Classic Engine.
Related topics App intent links