SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between two parties: an identity provider (IdP) and a service provider (SP). Its primary role in online security is single sign-on: a user authenticates once with the IdP and can then access multiple web applications with one set of login credentials. It works by passing authentication information, in a defined XML format, from the identity provider to the web application acting as service provider.
SAML transactions use Extensible Markup Language (XML) for standardized communication between the identity provider and service providers. SAML is the link between authenticating a user’s identity, which the IdP performs, and authorizing that user to use a service, which the SP decides based on the assertion it receives.
A SAML-based authentication model is composed of an identity provider, which produces ‘SAML assertions’ (for example SafeNet Trusted Access), and a service provider, which consumes assertions (for example G Suite, Office 365, or any other cloud app that supports SAML). SAML assertions are generally signed with an XML digital signature made with the IdP’s private key; the service provider verifies that signature against the IdP’s certificate, usually obtained from the IdP’s SAML metadata, which confirms that the assertion is authentic and has not been altered in transit.
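What the consuming side of that model has to do once it receives an assertion, as an added Python example that is not code from the page or from SafeNet Trusted Access. It assumes the IdP’s XML signature over the assertion has already been verified by an XML-signature library, and shows the checks a service provider must still make on the signed content: Success status, exactly one assertion, the expected Issuer and Audience, the validity window, and the binding of the assertion to the SP’s own request and endpoint. The response it parses, the example.com names and the `SP_EXPECTATIONS` values are constructed sample data.

```python
"""Service-provider checks on a SAML 2.0 assertion (added example; not code
from the page or from any vendor product). Signature verification (XML-DSig
over the Assertion) is assumed to have been done already by a proper library;
these are the checks an SP must still make on the signed content.
The response below is constructed sample data (signature element omitted).
"""
import datetime as dt
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample of what an IdP would POST to the SP's ACS URL.
SAMPLE_RESPONSE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    InResponseTo="_req42" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req42"
            Recipient="https://sp.example.com/acs" NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# Hypothetical SP configuration; a real SP takes these from its IdP metadata and session.
SP_EXPECTATIONS = {
    "issuer": "https://idp.example.com",
    "audience": "https://sp.example.com",
    "acs_url": "https://sp.example.com/acs",
    "request_id": "_req42",  # ID of the AuthnRequest this SP sent and stored in the session
}


def parse_saml_time(value):
    """Parse a SAML xsd:dateTime with a 'Z' suffix into an aware UTC datetime."""
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(response_xml, *, issuer, audience, acs_url, request_id, now,
                       skew=dt.timedelta(seconds=60)):
    """Return a list of failure reasons; an empty list means the assertion is acceptable."""
    failures = []
    root = ET.fromstring(response_xml)

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        failures.append("status is not Success")

    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        # Only act on the single assertion whose signature was actually verified.
        failures.append(f"expected exactly one Assertion, found {len(assertions)}")
        return failures
    assertion = assertions[0]

    if assertion.findtext("saml:Issuer", default="", namespaces=NS).strip() != issuer:
        failures.append("unexpected Issuer")

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        failures.append("missing Conditions")
    else:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now + skew < parse_saml_time(not_before):
            failures.append("assertion not yet valid")
        if not_on_or_after and now - skew >= parse_saml_time(not_on_or_after):
            failures.append("assertion expired")
        audiences = [a.text.strip() for a in
                     conditions.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
        if audience not in audiences:
            failures.append("audience mismatch")

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None:
        failures.append("missing SubjectConfirmationData")
    else:
        if scd.get("InResponseTo") != request_id:
            failures.append("SubjectConfirmationData InResponseTo does not match our AuthnRequest")
        if scd.get("Recipient") != acs_url:
            failures.append("Recipient is not our ACS URL")
        expiry = scd.get("NotOnOrAfter")
        if expiry and now - skew >= parse_saml_time(expiry):
            failures.append("subject confirmation expired")
    return failures


if __name__ == "__main__":
    fresh = parse_saml_time("2024-05-01T12:01:00Z")
    print("fresh:", validate_assertion(SAMPLE_RESPONSE, now=fresh, **SP_EXPECTATIONS))
    replayed = parse_saml_time("2024-05-01T12:30:00Z")
    print("replayed:", validate_assertion(SAMPLE_RESPONSE, now=replayed, **SP_EXPECTATIONS))
```

The `skew` allowance covers clock drift between IdP and SP; keep it to a minute or so, since every second of tolerance extends how long a captured assertion can be replayed. The InResponseTo check only works if the SP generated the request ID itself and stored it in the user’s session before redirecting to the IdP.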
Because it is XML-based, SAML is a very flexible standard. A single SAML implementation can support single sign-on (SSO) connections with many different federation partners. Interoperability gives SAML an advantage over proprietary SSO mechanisms, as it prevents vendor lock-in, allowing organizations to move from one SAML authentication platform to another and retain any Two-Factor Authentication (2FA) tokens based on OATH (Open Authentication). The OATH standard was created by the Initiative for Open Authentication and refers to cryptographic algorithms for generating one-time password (OTP) tokens, namely event-based HOTP (RFC 4226) and time-based TOTP (RFC 6238).
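The OATH algorithms those tokens implement, HOTP and TOTP, as an added Python example that is not code from the page or from any vendor’s token product. It uses only the standard library, adds the server-side checks a verifier needs (a drift window for TOTP, a replay-proof counter look-ahead for HOTP, constant-time comparison), and uses the test secrets and values published in RFC 4226 and RFC 6238.

```python
"""OATH one-time passwords: HOTP (RFC 4226) and TOTP (RFC 6238) with the
standard library only. Added example, not code from the page or from any
vendor's token product. The secrets below are the RFCs' published test keys.
"""
import hmac
import struct
import time

RFC_SECRET_SHA1 = b"12345678901234567890"                 # 20-byte RFC 4226/6238 test key
RFC_SECRET_SHA256 = b"12345678901234567890123456789012"   # 32-byte RFC 6238 SHA-256 test key


def hotp(secret, counter, digits=6, algorithm="sha1"):
    """HOTP(K, C) = Truncate(HMAC(K, C)) mod 10^digits, left-padded with zeros."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                              # dynamic truncation, RFC 4226 5.3
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, for_time=None, step=30, digits=6, algorithm="sha1", t0=0):
    """TOTP is HOTP with the counter derived from Unix time: floor((T - T0) / step)."""
    if for_time is None:
        for_time = time.time()
    return hotp(secret, int((for_time - t0) // step), digits, algorithm)


def verify_totp(secret, candidate, for_time=None, window=1, step=30, digits=6, algorithm="sha1"):
    """Server-side TOTP check tolerating clock drift of +/- window steps.
    Returns the matching step offset (-1, 0, +1, ...) or None. Uses a
    constant-time comparison so the check does not leak via timing."""
    if for_time is None:
        for_time = time.time()
    for delta in range(-window, window + 1):
        expected = totp(secret, for_time + delta * step, step, digits, algorithm)
        if hmac.compare_digest(expected, candidate):
            return delta
    return None


def accept_hotp(secret, candidate, last_counter, look_ahead=10, digits=6, algorithm="sha1"):
    """Server-side HOTP check. Only counters strictly greater than the last
    accepted one are tried, within a look-ahead window, so a captured code can
    never be replayed. Returns the counter to store as the new last_counter,
    or None if the code is rejected."""
    for counter in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, counter, digits, algorithm), candidate):
            return counter
    return None


if __name__ == "__main__":
    print("HOTP, counter 0:", hotp(RFC_SECRET_SHA1, 0))            # 755224 per RFC 4226
    print("TOTP at T=59:", totp(RFC_SECRET_SHA1, 59, digits=8))     # 94287082 per RFC 6238
    print("TOTP now:", totp(RFC_SECRET_SHA1))
```

Two points a verifier implementation gets wrong most often: the HOTP server must persist the returned counter before accepting the login (otherwise the same code is valid again), and the TOTP drift window should stay small and be paired with rate limiting, since each extra step triples the number of codes an attacker can guess against.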