Security Assertion Markup Language (SAML)
What is SAML Authentication?
SAML facilitates federated authentication and authorization for users, identity providers, and service providers. SAML provides a method for separating your identity provider and service providers, allowing you to centralize user management and get access to SaaS applications.
There are 2 types of providers in SAML authentication. Identity provider and Service provider
Identity Provider (IDP) :
A SAML identity provider is a system entity that issues authentication assertions in conjunction with a single sign-on (SSO) profile of the SAML.
Service Provider (SP) :
A SAML service provider is a system entity that receives and accepts authentication assertions in conjunction with a single sign-on (SSO) profile of the SAML.
How SAML Works :
To provide authorization to a user, a service provider requires authentication from the identity provider.
An identity provider verifies that the end-user is who they claim to be and delivers that information to the service provider, along with the user’s access privileges to the service.
Microsoft Active Directory or Azure are common identity providers. Salesforce and other CRM solutions are usually service providers, in that they depend on an identity provider for user authentication.
SAML performs by transferring data about users, logins, and attributes between identity providers and service providers. When a user signs in to SSO with the identity provider for the first time, the identity provider can transmit SAML attributes to the service provider when the user seeks to use those services. The service provider requests authorization and authentication from the identity provider. Since both of those systems speak the same language — SAML — the user only needs to log in once.
