About SAML Single Sign-On (SSO)

What is SAML?

You may have heard of SAML. It stands for Security Assertion Markup Language. SAML is a standard protocol used by web browsers to enable Single Sign-On (SSO) through secure tokens. The great thing about SAML? It completely eliminates the need for passwords. It does so by using standard cryptography and digital signatures to pass a secure sign-in token from an identity provider to an SaaS application.

SAML is an XML-based open standard. It’s the product of the OASIS Security Services Technical Committee. Most common SaaS vendors, such as Salesforce, Google and Microsoft already support SAML. SAML-enabling apps using other vendors can cost hundreds of thousands of dollars a year in fees, but is free as part of the OneLogin community.

Secure, Password-free Login

SAML uses secure tokens which are digitally signed and encrypted messages with authentication and authorization data. For example, a user’s email and company role. It passes these tokens from an identity provider to a cloud application using an established trust relationship. The standards-based nature of SAML delivers interoperability across identity providers and a common way for apps to sign-in users based on trusted information without managing credentials.

How does SAML help?

If you’re an IT administrator, SAML can help you securely get rid of passwords and deploy applications faster. If you’re an app vendor, SAML can help you secure your applications, reduce development costs, and gain wider, faster adoption. For IT, SAML lets you secure user logins and roll out application access faster and more securely.

Phishing Prevention

SAML helps with security by eliminating passwords. If you don’t have a password for an app, you can’t be tricked into entering it on a fake login page.

It also makes for more satisfied users, because it provides streamlined, one-click access from portals or the intranet, deep linking, password elimination, and automatically renewed sessions. One browser redirect is all it takes for a user to securely login to an application.

How does SAML help IT?

SAML simplifies life for IT because it centralizes authentication, provides greater visibility and makes directory integration easier. These are just some of the reasons why enterprises love SAML. And if you’re a B2B cloud vendor, you should support it, too, because businesses love it.

OneLogin and SAML SSO

OneLogin provides single sign-on through SAML for web apps. SAML-based applications work perfectly with OneLogin’s Zero-Config Active Directory Connector, which allows users to sign into applications with their Windows credentials.

In addition, it is easy to SAML-enable internal or custom web apps in as little as a few hours using one of OneLogin’s open source SAML Toolkits.

Of course, it’s always a good idea to add multi-factor authentication (MFA), as well, to protect the one SSO password. MFA adds an additional factor for the log in, so that even if a hacker gains access to the user’s credentials, the criminal won’t have that other factor and so won’t gain access. SSO and MFA together make for a winning team.