SAML is a type of Single Sign-On (SSO) standard. It defines a set of rules/protocols that allow users to access web applications with only a single login. This is possible because those applications (referred to as “Service Providers”) all trust the systems that verify users’ identities (referred to as “Identity Providers”).
SAML is one of the dominant standards in the world of Federated Identity Management (FIM), offering Single Sign-On (SSO) capabilities across the web. Other standards include OpenID, OAuth, and JWT (JSON Web Tokens). Each standard was created, and is maintained, by a separate organization. SAML was created by OASIS, for example. Those organizations have different ideas on how to best implement SSO, which technologies and languages to use, and so on.
The SAML standardized format is designed to interoperate with any system independent of implementation. This enables a more open approach to architecture and identity federation without the interoperability issues associated with vendor-specific approaches.
In the modern era of computing, security is of the utmost importance when it comes to enterprise applications. SAML provides a single point of authentication at a secure identity provider, so user credentials never leave the firewall boundary, and SAML is then used to assert that identity to others. Because applications do not need to store or synchronize identities, there are fewer places for identities to be breached or stolen.
Arguably, one of SAML’s greatest benefits is the user experience it provides. SAML provides the ability for users to securely access multiple applications with a single set of credentials entered once. This is the foundation of federation and also of single sign-on (SSO). Using SAML, users can seamlessly access multiple applications, allowing them to conduct business faster and more efficiently.