Everything you need to know
Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between parties. Its most common use is single sign-on (SSO): it defines a set of protocols that lets users sign in once, with a single set of credentials, and then access a host of applications such as Microsoft 365, Salesforce, and Google Workspace.
SAML, created by OASIS, remains the dominant standard among the several federated identity management standards in use. Their common goal is to improve the user experience while strengthening security: the user authenticates with one trusted party instead of maintaining a separate password for every application.
SAML helps organizations simplify access to enterprise applications.
A SAML provider is any server that takes part in authenticating or authorizing a user during a SAML exchange. There are two types of SAML providers: Service Providers (SPs), i.e., the enterprise applications that users want to access, and Identity Providers (IdPs), i.e., the systems that actually authenticate the users.
SAML provides a secure way for an SP to learn that the IdP has authenticated a user while the two remain separate entities: the user's credentials are presented only to the IdP, and the SP never sees them. SAML transactions, the standardized messages exchanged between the SP and the IdP, are Extensible Markup Language (XML) documents. The IdP digitally signs them so that the SP can verify that a message really came from the IdP it trusts and was not altered in transit.
To understand the interaction between SAML, the SP and the IdP, you must first understand the difference between SAML authentication and SAML authorization.

| SAML authentication | SAML authorization |
|---|---|
| The process of verifying a user's identity from the credentials they enter. | Telling the SP what level of access to grant the authenticated user. |
A SAML assertion is an XML statement, issued and signed by the IdP, that tells the SP a user has signed in. It contains everything the SP needs to confirm that the user is who they claim to be: the source of the assertion (the Issuer), the time it was issued (IssueInstant), and the Conditions under which it is valid, such as the time window (NotBefore and NotOnOrAfter) and the audience, i.e., the SP it is intended for. The IdP also records when the user was authenticated and by what means (the authentication statement), the list of attributes associated with the user, referred to as claims, and optionally an authorization decision, i.e., whether the user was granted or denied access to a particular resource. An SP should check each of these, in addition to the signature, before trusting anything the assertion says.
When using SAML, there are two methods of initiating SSO:
1. SP-initiated SSO
2. IdP-initiated SSO
In SP-initiated SSO, the user first visits the SP, which redirects them to the IdP with a SAML authentication request. After authenticating the user, the IdP sends them back to the SP with a SAML response that carries the assertion and references the original request.
In IdP-initiated SSO, a user who is already logged in to the IdP selects an SP from a list of all available SPs. They are then forwarded to the SP with a SAML message comprising the assertion. Because no request from the SP preceded it, the SP has nothing to bind that assertion to and must rely entirely on the assertion's signature, audience and validity window.
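The checks described above, as an added example that is not code from this page or from ADSelfService Plus: a Python function that parses a SAML 2.0 assertion and verifies the issuer, the validity window, the audience and, for SP-initiated SSO, the binding to the SP's own request (InResponseTo) before it extracts the subject, the authentication context and the attributes (claims). It assumes the assertion's XML signature has already been verified with an XML-DSig library, which the standard library cannot do; the sample assertion, the example.com URLs and the request ID `_req-7f3c` are constructed for the example.

```python
"""Check a SAML 2.0 assertion before trusting what it says about the user.

Added example, not code from the page or from ADSelfService Plus. It ASSUMES
the assertion's XML signature has already been verified against the IdP's
certificate with an XML-DSig library (e.g. python3-saml over xmlsec); an
unverified assertion must never get this far. The stdlib parser keeps this
dependency-free; for untrusted XML in production prefer defusedxml.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

# Constructed sample, not captured traffic: Issuer, IssueInstant, Conditions,
# an AuthnStatement, attributes (claims) and the SubjectConfirmationData that
# binds the assertion to the SP's AuthnRequest in SP-initiated SSO.
SAMPLE_ASSERTION = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_c1d4e8a0" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
  <saml:Issuer>https://idp.example.com/saml</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData InResponseTo="_req-7f3c"
          Recipient="https://app.example.com/saml/acs" NotOnOrAfter="2024-05-01T10:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T09:59:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://app.example.com/saml/metadata</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-05-01T09:59:30Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>admins</saml:AttributeValue>
      <saml:AttributeValue>developers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class InvalidAssertion(ValueError):
    """The assertion must be rejected and the login refused."""


def saml_time(stamp):
    """Parse SAML's UTC timestamps, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(stamp, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise InvalidAssertion(f"bad timestamp {stamp!r}")


def validate_assertion(xml_bytes, expected_issuer, expected_audience, now,
                       expected_request_id=None, skew=timedelta(seconds=60)):
    """Verify issuer, validity window, audience and request binding; return the
    subject, authentication context and attributes the SP may act on.

    expected_request_id is the ID of the AuthnRequest this SP sent. Pass None
    only for IdP-initiated SSO, where no request exists to bind the assertion to.
    """
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise InvalidAssertion("not a SAML 2.0 Assertion")
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer != expected_issuer:  # source: must be the IdP we federate with
        raise InvalidAssertion(f"unexpected issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise InvalidAssertion("missing Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + skew < saml_time(not_before):  # allow small clock skew
        raise InvalidAssertion("assertion not yet valid")
    if not_on_or_after and now - skew >= saml_time(not_on_or_after):
        raise InvalidAssertion("assertion expired")
    audiences = [a.text.strip() for a in
                 cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if expected_audience not in audiences:  # issued for us, not for another SP
        raise InvalidAssertion("assertion was issued for a different SP")
    scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    in_response_to = scd.get("InResponseTo") if scd is not None else None
    if expected_request_id is not None and in_response_to != expected_request_id:
        raise InvalidAssertion("InResponseTo does not match our outstanding AuthnRequest")
    # Only now read what the IdP asserts about the user.
    return {
        "subject": (root.findtext("saml:Subject/saml:NameID", namespaces=NS) or "").strip(),
        "authn_context": root.findtext(
            "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", namespaces=NS),
        "attributes": {attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
                       for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS)},
    }


def rejected(*args, **kwargs):
    """True when validate_assertion refuses the given inputs."""
    try:
        validate_assertion(*args, **kwargs)
    except InvalidAssertion:
        return True
    return False
```

Passing `expected_request_id=None` skips the InResponseTo check, which is exactly the trade-off of IdP-initiated SSO: the remaining defences are the signature, the audience and the short validity window. A production SP would additionally compare `Recipient` with its own assertion consumer URL and remember assertion IDs it has already accepted so a captured assertion cannot be replayed inside its validity window.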
SAML Workflow
ManageEngine ADSelfService Plus, an integrated Active Directory self-service password management and SSO solution, acts as the IdP for enterprise applications. It uses the industry-standard SAML 2.0 protocol to provide SSO to SPs such as Salesforce, Microsoft 365, and Google Workspace.
Aside from SAML-based enterprise SSO, ADSelfService Plus also offers:
- With up to fifteen different authenticators available, IT administrators have a wide variety of options for verifying users' identities before they log in to enterprise applications through SSO.
- Users can reset their own passwords and unlock their own accounts without having to approach the help desk.
- IT admins can enforce restrictions on the type of passwords users are allowed to create, including restrictions on characters, repetition, patterns, and length.
© 2020 Zoho Corporation Pvt. Ltd. All rights reserved.