Demo Tenant

Tenant route: /t/demo

Session

Status: signed out

Not signed in. Sign in below — visited directly this app signs you in straight against the identity provider; embedded as a cross-site iframe it routes sign-in through the popup bridge instead.

Why this bridge exists

This page is meant to run embedded as a cross-site iframe inside a separate enterprise host. Because the host and this app are different sites, the browser blocks ordinary third-party cookies, so a plain sign-in inside the frame cannot set a session.

The bridge solves this in three hops: signing in opens a top-level popup (where the identity-provider session is reachable), the popup posts back a one-time code over a trusted message, and this frame exchanges that code for a partitioned cookie — a cookie scoped to the top-level site, which the browser does allow. No session token ever travels in a URL; only the opaque one-time code does.