We’ve added an additional layer of protection to Single Sign-On to defend against login CSRF attacks and phishing attempts. When enabled, end users may be prompted to confirm that the profile information provided by their identity provider is correct before being redirected to the application. Learn more about how it works and how to activate this protection in the docs.
