SAML stands for Security Assertion Markup Language. It allows for Single Sign On or SSO to a service.
There are three entities or roles involved when using SAML to sign into a service.
- Principal or Subject: a.k.a. you, or the person or service logging in.
- Service Provider (SP): This is the service you are accessing. It could be email, a website, etc.
- Identity Provider (IdP): This is the entity response for authenticating the Principal.
As an example, let’s say you want to log into a new website utilizing your email SSO credentials. You click the SSO login button, you are redirected to the IdP to login. Once authenticated, your device will receive a token which is then passed back to the Service Provider and allows you access to the new website.
This is a very simplified version of what happens when you login using SAML. It may be helpful to know that the Service Provider and the Identify Provider will have needed to be configured to work together before the user attempts to log in.