
How does SAML work?

SAML specifies three components, or roles: the principal (e.g., a user), the identity provider (IdP), and the service provider (SP).

In the typical SAML use case, a principal requests a service from a service provider, which prompts the service provider to request and receive an authentication assertion from an identity provider. This assertion is the basis on which the service provider makes its access control decision: either to perform or to deny the service the principal requested.

For example:

(Diagram: What is SAML (Security Assertion Markup Language) and how does SAML work?)
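The service provider's side of the flow above, as an added example that is not part of the original page or of any Entrust product: before acting on an assertion, the SP confirms it came from the trusted IdP, is addressed to this SP, and is within its validity window. The sample assertion, entity IDs and key are constructed, and an HMAC over the assertion bytes stands in for the XML Digital Signature a real IdP would apply.

```python
import hmac
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from a real IdP). A real assertion carries
# an XML Digital Signature; here an HMAC over the assertion bytes is a simplified
# stand-in so the example runs offline with the standard library only.
ASSERTION = b"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:59:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

SHARED_KEY = b"constructed-demo-key"  # stand-in for the IdP's signing key
TAG = hmac.new(SHARED_KEY, ASSERTION, hashlib.sha256).hexdigest()  # "signature"


def parse_time(s):
    """Parse the UTC timestamps SAML uses in Conditions attributes."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def sp_access_decision(assertion, tag, expected_issuer, own_entity_id, now, key=SHARED_KEY):
    """Return the authenticated NameID, or None if the assertion must be rejected."""
    # 1. Integrity and origin: reject anything the trusted IdP did not produce
    expected = hmac.new(key, assertion, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    root = ET.fromstring(assertion)
    # 2. Issuer must be the IdP this SP is configured to trust
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return None
    cond = root.find("saml:Conditions", NS)
    # 3. Validity window: NotBefore is inclusive, NotOnOrAfter is exclusive
    if not (parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter"))):
        return None
    # 4. Audience: an assertion issued for a different SP must not be accepted here
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if own_entity_id not in audiences:
        return None
    return root.findtext("saml:Subject/saml:NameID", namespaces=NS)
```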

What's the difference between SAML, Open Authorization (OAuth), and OpenID Connect (OIDC)?

SAML is a widely applicable authentication protocol, whereas OAuth is an authorization standard designed for use with specific applications, devices, or APIs to provide secure delegated access. One is used to authenticate a user; the other is used to authorize specific access.

OIDC is an authentication protocol built specifically to add an identity layer on top of OAuth 2.0. It uses JSON Web Tokens (JWTs) to verify the identity of an end user, enabling users to log in to multiple sites with one set of login credentials.

Although SAML and OAuth are both interoperable standards, their purposes differ greatly: SAML handles authenticating the user and granting access, whereas OAuth handles determining what that user can and cannot access.

What is the most current version of SAML?

SAML 2.0

How can Entrust help simplify identity and access management (IAM)?

Single Sign-On (SSO) is vital to any enterprise IAM strategy, as it increases workforce productivity by having one set of user credentials to securely access all systems and applications. Entrust Identity supports SSO so your users can access all applications with a single strong credential instead of managing credentials for each unique cloud, on-prem, and legacy application. Learn more about Entrust SSO.