SAML 2.0
SAML 2.0 is an XML-based standard for exchanging authentication and authorization assertions between an identity provider and a service provider, most often used for enterprise single sign-on.
Also: SAML, Security Assertion Markup Language
Security Assertion Markup Language is an XML standard for passing identity assertions between two parties: an identity provider that authenticates the user and a service provider that trusts the resulting assertion. It was standardized by OASIS and has long been the backbone of enterprise single sign-on.
In a SAML flow, the service provider redirects the user to the identity provider, the user authenticates, and the identity provider returns a signed assertion that the service provider validates to establish a session. The model predates modern web and mobile patterns, which is why newer deployments often prefer OpenID Connect.
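The service-provider side of that validation step, as an added example (not code from the OASIS specification or from any vendor): it assumes a constructed sample response with placeholder issuer and audience URLs, and that the XML-DSig signature is verified with a dedicated XML-signature library before these checks run, since the code only checks that a signature element is present.

```python
# Added example (not from the OASIS specification): the checks a service
# provider applies to a SAML Response once the XML-DSig signature has been
# verified with a proper XML-signature library; only presence is checked here.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def parse_time(value):
    # SAML timestamps are xs:dateTime in UTC, e.g. 2024-05-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, expected_issuer, expected_audience, request_id, now):
    """Return the subject NameID if every check passes, else raise ValueError."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None or assertion.find("ds:Signature", NS) is None:
        raise ValueError("missing or unsigned assertion")
    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise ValueError("unexpected issuer")
    conds = assertion.find("saml:Conditions", NS)
    if conds is None or conds.get("NotBefore") is None or conds.get("NotOnOrAfter") is None:
        raise ValueError("assertion has no validity window")
    if not parse_time(conds.get("NotBefore")) <= now < parse_time(conds.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in conds.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("audience mismatch")
    data = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if data is None or data.get("InResponseTo") != request_id:
        raise ValueError("InResponseTo does not match the outstanding AuthnRequest")
    return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)

# Constructed sample response; the signature value is a placeholder.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion ID="_a1"><saml:Issuer>https://idp.example.com</saml:Issuer>
  <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData InResponseTo="_req1"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 2, tzinfo=timezone.utc)
    print(validate_assertion(SAMPLE, "https://idp.example.com", "https://sp.example.com", "_req1", now))
```

The request_id argument is the ID of the AuthnRequest the service provider issued and stored in the user's session, which is what ties the returned assertion to that login attempt.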
SAML remains widely used in business-to-business and workforce scenarios. In CIAM it appears mainly when a customer-facing product must federate with enterprise customers that standardized on SAML, so platforms commonly support both SAML and OpenID Connect.
Sources
- OASIS Security Assertion Markup Language (SAML) v2.0: https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
Related terms
Standards
- OASIS SAML 2.0