What is SAML?
SAML stands for Security Assertion Markup Language. It is an open, XML-based standard for exchanging authentication and authorization data between two parties, an identity provider and a service provider, so that a user can be authenticated once and that fact passed on to other applications.
So how does this look in practice? Think of the way you sign in to your Google account once and can then open Gmail, Maps, Photos, Music or YouTube without logging in to each service individually. (Google's own consumer services use Google's own session mechanism rather than SAML, but the experience is exactly the one SAML provides between a corporate identity provider and third-party SaaS applications.) The credentials you give to the identity provider are never typed into the individual applications; the identity provider vouches for you instead. SAML is the bridge between the user and the service the user wants to use.
How does it work?
SAML defines three roles: the principal (the user, usually acting through a web browser), the identity provider (IdP), and the service provider (SP). As the principal you request access to a service provider. The service provider redirects you to the identity provider and asks it to authenticate you. The identity provider collects your credentials (username and password, ideally plus a second factor) and, if they check out, issues a signed assertion stating who you are. That assertion, not your password, is what reaches the service provider. Based on the assertion, the service provider grants or denies access to its service.
- Principal/user → Service provider → Identity provider → (signed assertion, carried back through the user's browser) → Service provider
Why is SAML useful?
Signing in once and then reaching several services is known as web browser single sign-on (SSO). Enterprise-ready SaaS apps support SAML so that customers can plug them into the identity provider they already run. It wasn't always this way: earlier versions (SAML 1.0 and 1.1) saw little adoption, and the web browser SSO profile that SaaS products implement today is the one defined by the current version, SAML 2.0.
SAML solutions offer twofold usefulness. Besides simplicity, they also improve security by keeping the identity provider separate from the service providers: your password is only ever entered at the IdP, each SaaS app sees only a signed assertion, and access can be enforced and revoked in one place.
- simplify the authentication and authorization process
- improve data protection by keeping credentials out of the individual apps
Different types of SAML statements
As mentioned above, information flows from the identity provider to the service provider. That information is carried in an assertion, which can contain three kinds of statements:
- Authentication statement – evidence that you, the principal, authenticated with the identity provider, including when and by which method (password, MFA, and so on)
- Attribute statement – specific data about the user (name, email address, group memberships) that the service provider can read and act on
- Authorization decision statement – whether the subject is permitted to perform a given action on a given resource. Note that this is not what rejects a wrong password; that happens at the identity provider before any assertion is issued. It is the IdP telling the SP what the user may do.
So let's walk through how SAML works, step by step this time, using the Google illustration from above:
1. You log in to your Gmail account on a new PC, laptop, tablet, or smartphone (the identity provider now has a session for you)
2. You now go to your YouTube channel (the service provider)
3. YouTube redirects your browser to the identity provider with an authentication request
4. The identity provider recognises your existing session and sends a signed assertion back through your browser to YouTube
5. YouTube validates the assertion (signature, issuer, audience, validity window) and lets you in.
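The statement types listed earlier and the step-by-step flow above come together at step 5, where the service provider has to decide whether to trust what it was handed. The following is an added example, not code from the original page or from any IdP or SP vendor: a small Python parser that walks a constructed SAML 2.0 Response (every URL, ID and timestamp in it is illustrative) and applies the SP-side checks that matter for security: exactly one assertion, matching issuer, bearer confirmation bound to our own request and endpoint, validity window, audience restriction, and then extraction of the authentication, attribute and authorization decision statements. It assumes the XML Signature has already been verified with a proper XML-DSig library; signature verification is deliberately out of scope here.

```python
"""SP-side validation of a SAML 2.0 Response (added example; constructed sample data)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample, not captured from any real IdP; URLs, IDs and times are illustrative.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  IssueInstant="2024-01-01T12:00:00Z" InResponseTo="_req1"
  Destination="https://sp.example.com/saml/acs">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req1" NotOnOrAfter="2024-01-01T12:05:00Z"
          Recipient="https://sp.example.com/saml/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2024-01-01T11:59:30Z" SessionIndex="_s1"/>
    <saml:AttributeStatement>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>staff</saml:AttributeValue><saml:AttributeValue>video-editors</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
    <saml:AuthzDecisionStatement Resource="https://sp.example.com/upload" Decision="Permit">
      <saml:Action Namespace="urn:oasis:names:tc:SAML:1.0:action:rwedc">write</saml:Action>
    </saml:AuthzDecisionStatement>
  </saml:Assertion>
</samlp:Response>
"""

# What our hypothetical SP expects; "now" is pinned so the example is reproducible.
GOOD_ARGS = dict(issuer="https://idp.example.com", audience="https://sp.example.com",
                 acs_url="https://sp.example.com/saml/acs", request_id="_req1",
                 now=datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc))


def _ts(value):
    """Parse the UTC timestamps SAML uses (e.g. 2024-01-01T12:00:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_response(xml_text, *, issuer, audience, acs_url, request_id, now):
    """Apply the checks an SP must make before trusting an assertion.

    ASSUMES the XML Signature over the Response/Assertion was already verified
    against the IdP's known signing certificate (e.g. with signxml or xmlsec).
    Without that, none of the checks below mean anything.
    Returns the subject and the three statement types, or raises ValueError.
    """
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        raise ValueError("IdP did not report Success")
    if root.get("InResponseTo") != request_id or root.get("Destination") != acs_url:
        raise ValueError("Response is not for our request or not addressed to our ACS")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # zero or several: smuggling a second assertion is a classic attack
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    for iss in (root.find("saml:Issuer", NS), a.find("saml:Issuer", NS)):
        if iss is None or iss.text.strip() != issuer:
            raise ValueError("unexpected Issuer")
    # Bearer confirmation: the assertion must be bound to our request and our endpoint.
    sc = a.find("saml:Subject/saml:SubjectConfirmation", NS)
    scd = sc.find("saml:SubjectConfirmationData", NS) if sc is not None else None
    if sc is None or scd is None or sc.get("Method") != BEARER:
        raise ValueError("missing bearer SubjectConfirmation")
    if scd.get("InResponseTo") != request_id or scd.get("Recipient") != acs_url:
        raise ValueError("SubjectConfirmationData does not match our request/ACS")
    if now >= _ts(scd.get("NotOnOrAfter")):
        raise ValueError("bearer confirmation expired")
    # Conditions: validity window and audience restriction (stops replay against another SP).
    cond = a.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [x.text.strip() for x in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        raise ValueError("assertion not intended for this SP")
    # The three statement types: authentication, attribute, authorization decision.
    authn = a.find("saml:AuthnStatement", NS)
    if authn is None:
        raise ValueError("no AuthnStatement: nothing proves the user authenticated")
    attrs = {att.get("Name"): [v.text for v in att.findall("saml:AttributeValue", NS)]
             for att in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    decisions = {d.get("Resource"): d.get("Decision") for d in a.findall("saml:AuthzDecisionStatement", NS)}
    return {"subject": a.find("saml:Subject/saml:NameID", NS).text.strip(),
            "authn_instant": authn.get("AuthnInstant"), "attributes": attrs, "decisions": decisions}


def rejection_reason(xml_text, **kw):
    """Return why validate_response rejects the response, or None if it accepts it."""
    try:
        validate_response(xml_text, **kw)
        return None
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    print(validate_response(SAMPLE_RESPONSE, **GOOD_ARGS))
    print(rejection_reason(SAMPLE_RESPONSE, **{**GOOD_ARGS, "now": _ts("2024-01-01T12:10:00Z")}))
```

The order of checks is deliberate: an SP that extracts the NameID first and only then looks at the conditions tends to grow code paths that use the subject before it is validated. Keeping the "exactly one assertion" test and the audience test in front of any data extraction is what stops a replayed or foreign assertion from ever being read.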
SAML is an important part of the SaaS world. It lets customers reach their apps quickly, and SAML-based SSO also strengthens data protection: fewer passwords in circulation, one place to enforce multi-factor authentication, and one place to cut off access when someone leaves.