SAML helps organizations implement single-sign-on. End-users need a single username and password for system access. SAML simplifies management of network security
One of the first things most of us do when we arrive at work is sign-on to the corporate network. On the rare occasion that we have to sign on to a specific application, we’re irritated. Why is the separate sign-on necessary? The simple answer is SAML.
SAML stands for Security Assertion Markup Language. It is an open standard for sharing information across an enterprise for authentication and authorization of the end-user. It’s what lets you sign on once to access multiple applications. For SAML to work, all applications must communicate using the SAML specification. If an application cannot support SAML, the end-user will have to sign on separately.
A single-sign-on (SSO) environment has an identity provider where the user’s identity information is stored. When the end-user wants to use an application in the SSO environment, the application or service provider makes a request to the identity provider. The identity provider authenticates the end user’s identity and responds to the service provider’s request. The end-user is either granted or denied access.
A simplified SAML process for an end-user named Joel might flow like this:
All requests and responses must conform to the SAML protocols for exchanging information.
SAML centralizes the authorization process. It also externalizes authentication to a separate identity provider. The configuration provides several benefits for both the end-user and the organization.
With a SAML-enabled enterprise, administration and monitoring of user access are reduced. Using an identity provider with a higher level of authentication than other applications within the network increases security. Allowing end-users to sign-on with a single username and password minimizes the number of times individuals require assistance because of forgotten passwords or usernames. The ability to control user access from a single point enables an organization to de-activate end-users quickly.
Tim is highly committed to us as a client & is great at communicating. He also offers us ways to cut costs consistently. Tim is always responsive, punctual and reliable. His qualificaitons and performance are superior to any former IT person our company has previously employed. I can offer the highest recommendation on his behalf.