SAML 101

From Ping Identity

Today’s enterprise employees use an ever-increasing number of applications, both enterprise hosted and in the cloud, to do their jobs. What’s more, they’re accessing those applications from a variety of devices (desktops, laptops, tablets, phones, etc.) and application models (both browser and native). Expecting those employees to remember strong and unique passwords for each and every application is simply unreasonable.

Identity federation solves these challenges by providing a secure, private mechanism for organizations to share user identities, removing the need to maintain separate user profiles for every enterprise application.

The identity federation standard, Security Assertion Markup Language, or SAML, enables single sign-on (SSO) and has a wide variety of uses for businesses, government agencies, non-profit organizations and service providers. The major limitation of SAML is that it was never optimized to enable SSO for the new breed of native mobile applications, or for applications that consolidate data and services through API calls from multiple third-party sources. WS-Trust (for SOAP services), OAuth 2.0, an open standard for authorization, and OpenID Connect, which builds on the OAuth specification, have emerged to meet these needs, providing more value and flexibility for users.

The convenience of identity federation and one-click access to web applications has shown a significant increase in the adoption of applications. Identity federation also enhances security, limits risk and improves compliance by eliminating web application passwords. When it comes to delivering business value, identity federation helps remove business barriers, reduce costs and increase productivity for the entire enterprise.