July 30, 2025
What is Security Assertion Markup Language (SAML)?

Security Assertion Markup Language (SAML) is an open standard, maintained by OASIS, for exchanging authentication and authorization information between different systems, typically between an identity provider (IdP) and a service provider (SP). It is primarily used to enable Single Sign-On (SSO), allowing users to log in once at the IdP and gain access to multiple applications without having to re-authenticate at each one.


SAML is XML-based. The IdP issues digitally signed XML documents, called SAML assertions, and delivers them to the SP inside a SAML Response message; the XML Signature (over the assertion, the response, or both) is what lets the SP trust that the assertion really came from its configured IdP. An assertion states that a user has been authenticated, when and by what method, and can carry additional attributes, such as user roles or group memberships, to inform access decisions. In a typical SP-initiated SAML flow:

  1. A user attempts to access a service (SP).
  2. The SP redirects the user's browser to the IdP with a SAML AuthnRequest (in the HTTP-Redirect binding the request is deflated, base64-encoded and placed in the query string).
  3. After verifying the user's identity, the IdP generates a signed SAML assertion.
  4. The assertion is sent back to the SP via the user's browser, usually as an HTTP POST to the SP's Assertion Consumer Service (ACS) URL.
  5. The SP validates the assertion and grants access. Validation is more than checking the signature against the IdP certificate from its metadata: the SP must also confirm the issuer, the audience (its own entity ID), the NotBefore/NotOnOrAfter window, the Destination and Recipient URLs, and that InResponseTo matches a request it actually sent, so that an assertion issued for another SP or replayed from an earlier login is refused.
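The following is an added example, not code from the original page or from Nudge Security, that walks the five steps above with both sides of the exchange in Python's standard library: the SP builds and encodes the AuthnRequest for the HTTP-Redirect binding, the IdP side decodes it, a constructed stand-in Response (the sort an IdP would POST to the ACS URL) is produced, and the SP validates it. The entity IDs, URLs, the user `alice@example.com` and the `groups` attribute are hypothetical. Cryptographic verification of `ds:Signature` needs an XML-DSig library, so it is passed in as a `verify_signature` callback; the lambda used in `run_demo` is a stand-in for the demo only.

```python
import base64
import secrets
import zlib
import xml.etree.ElementTree as ET  # production code: parse with defusedxml to block entity-expansion attacks
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP, SAML, DS = ("urn:oasis:names:tc:SAML:2.0:protocol",
                   "urn:oasis:names:tc:SAML:2.0:assertion", "http://www.w3.org/2000/09/xmldsig#")
NS = {"samlp": SAMLP, "saml": SAML, "ds": DS}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
FMT = "%Y-%m-%dT%H:%M:%SZ"
# Hypothetical SP and IdP identifiers: assumptions for this example, not values from the page.
SP_ENTITY_ID, ACS_URL = "https://sp.example.com/metadata", "https://sp.example.com/saml/acs"
IDP_ENTITY_ID, IDP_SSO_URL = "https://idp.example.com/metadata", "https://idp.example.com/sso"


def build_authn_request(now):
    """Step 2: SP builds an AuthnRequest for the HTTP-Redirect binding (raw DEFLATE, base64,
    URL-encode). The returned ID must be remembered so InResponseTo can be checked later."""
    request_id = "_" + secrets.token_hex(16)
    doc = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="{request_id}" '
           f'Version="2.0" IssueInstant="{now.strftime(FMT)}" Destination="{IDP_SSO_URL}" '
           f'AssertionConsumerServiceURL="{ACS_URL}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)  # negative wbits = raw DEFLATE, no zlib header
    packed = base64.b64encode(comp.compress(doc.encode()) + comp.flush()).decode()
    return request_id, f"{IDP_SSO_URL}?{urlencode({'SAMLRequest': packed})}"


def decode_authn_request(redirect_url):
    """IdP side of step 2: undo the redirect encoding and parse the request."""
    packed = parse_qs(urlparse(redirect_url).query)["SAMLRequest"][0]
    return ET.fromstring(zlib.decompress(base64.b64decode(packed), -15))


def _ts(value):  # SAML timestamps are UTC ISO 8601 with a trailing Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _require(ok, why):
    if not ok:
        raise ValueError(why)


def validate_response(post_b64, outstanding_ids, now, verify_signature, skew=timedelta(minutes=3)):
    """Step 5: SP-side checks on the Response posted to the ACS URL (HTTP-POST binding).
    verify_signature(assertion) must verify ds:Signature against the IdP certificate from its
    metadata with an XML-DSig library; that step is outside what stdlib-only code can do."""
    root = ET.fromstring(base64.b64decode(post_b64))
    _require(root.tag == f"{{{SAMLP}}}Response", "not a samlp:Response")
    _require(root.get("Destination") == ACS_URL, "Destination is not our ACS URL")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    _require(status is not None and status.get("Value") == SUCCESS, "IdP did not report success")
    rid = root.get("InResponseTo")
    _require(rid in outstanding_ids, "unsolicited or replayed response")
    outstanding_ids.discard(rid)  # single use: the same response cannot be presented twice
    assertions = root.findall("saml:Assertion", NS)
    _require(len(assertions) == 1, "expected exactly one assertion")
    a = assertions[0]
    _require(a.find("ds:Signature", NS) is not None and verify_signature(a), "unsigned or bad signature")
    _require(a.findtext("saml:Issuer", namespaces=NS) == IDP_ENTITY_ID, "unexpected issuer")
    cond = a.find("saml:Conditions", NS)
    _require(cond is not None and _ts(cond.get("NotBefore")) - skew <= now
             < _ts(cond.get("NotOnOrAfter")) + skew, "assertion outside its validity window")
    _require(SP_ENTITY_ID in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)],
             "assertion was issued for a different SP (audience mismatch)")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    _require(scd is not None and scd.get("Recipient") == ACS_URL and scd.get("InResponseTo") == rid
             and now < _ts(scd.get("NotOnOrAfter")) + skew, "bearer confirmation does not match this exchange")
    attrs = {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS), "attributes": attrs}


def sample_response(request_id, issued, ttl=timedelta(minutes=5)):
    """Constructed stand-in for steps 3-4: a success Response as an IdP would POST it, base64-encoded.
    The ds:Signature element is a placeholder, not a real XML-DSig."""
    t, exp = issued.strftime(FMT), (issued + ttl).strftime(FMT)
    doc = f'''<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DS}" ID="_r1" Version="2.0"
 IssueInstant="{t}" Destination="{ACS_URL}" InResponseTo="{request_id}"><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="{t}"><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <ds:Signature><ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="{request_id}" NotOnOrAfter="{exp}"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="{t}" NotOnOrAfter="{exp}">
   <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="groups"><saml:AttributeValue>admins</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'''
    return base64.b64encode(doc.encode()).decode()


def run_demo():
    """Walks steps 1-5 with the constructed response, then shows replay and expiry being refused.
    The lambda stands in for a real XML-DSig verifier in this demo only."""
    t0, sig_ok = datetime(2025, 7, 30, 12, 0, tzinfo=timezone.utc), lambda assertion: True
    rid, url = build_authn_request(t0)                                   # steps 1-2
    posted, pending = sample_response(rid, t0), {rid}                    # steps 3-4
    out = {"request_roundtrip": decode_authn_request(url).get("ID") == rid}
    out.update(validate_response(posted, pending, t0 + timedelta(minutes=1), sig_ok))  # step 5
    for label, args in (("replay", (posted, pending, t0 + timedelta(minutes=1))),
                        ("expired", (sample_response(rid, t0), {rid}, t0 + timedelta(minutes=10)))):
        try:
            validate_response(*args, sig_ok)
            out[label + "_rejected"] = False
        except ValueError:
            out[label + "_rejected"] = True
    return out
```

`run_demo()` returns the NameID and attributes for the good login and `True` for both `replay_rejected` and `expired_rejected`. Two design choices worth noting: the validator only accepts SP-initiated logins, because it insists on an `InResponseTo` it issued itself (IdP-initiated SSO has no request to match and needs a cache of seen assertion IDs instead), and it consumes the request ID before any other check, so a response that fails validation cannot be retried. For production use, replace the callback with a real XML-DSig verifier (the xmlsec bindings or signxml, for instance) and parse with defusedxml.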

SAML offers several benefits for enterprises:

  • Centralized identity management reduces the need for multiple credentials.
  • Improved user experience via seamless access across services.
  • Reduced password fatigue and risk from password reuse.
  • Stronger security controls, including the enforcement of MFA at the IdP level, which every connected SP then inherits.

The flip side is that the IdP and its signing key become a single high-value target, and each SP is only as secure as its own assertion validation: a signed assertion from the wrong issuer, for the wrong audience, or past its expiry must still be rejected.

SAML is widely used by enterprise SaaS applications such as Salesforce, Workday, and ServiceNow. SAML 1.0 was ratified in 2002 and SAML 2.0, the version in use today, in 2005; it remains popular in enterprise environments, although newer protocols such as OpenID Connect (OIDC) are more prevalent in modern cloud-native and mobile applications.


SAML remains a foundational technology in identity and access management (IAM), particularly for organizations with a large portfolio of on-premises and legacy web applications that require a consistent and secure SSO experience.
