How SAML Works
September 12, 2019Source unknown
SAML Integration: Single Sign-On (SSO) for Cloud Apps
What is SAML?
SAML is an XML-based standard for web browser single sign-on (SSO) that eliminates application-specific passwords. SAML uses single-use, expiring, digital “tokens” to exchange authentication and authorization data between an identity provider and cloud application service provider that have an established trust relationship.
How SAML Works
SAML for Web browser SSO involves three parties. There is a user, an identity provider (IdP), and a cloud application service provider (SP). The IdP stores information about the user in a database like Active Directory.
The user connects to the SP and attempts to authenticate. If the SP recognizes the username, it delegates authentication to the IdP. The IdP validates the user against its identity database. It then sends a SAML assertion about that user to the service provider. The SP then gives the user access to the application.
Benefits of SAML
SAML exchanges security and identity related information such as authorization and authentication, using signed digital certificates and Public Key Infrastructure (PKI) to ensure the integrity of data. SAML eliminates the possibility of passwords theft/reuse, thereby increasing security. And because it’s based on an open standard, SAML is interoperable with many different cloud application service providers.
SAML Integration with Centrify
As organizations adopt cloud-based apps, they need to tighten security and maintain compliance. They need centralized identity management. Centrify Identity Service provides SAML integration for cloud app single sign-on. SAML eliminates the need to enter a different username and password for each application. SAML SSO uses existing identity infrastructure — Active Directory, LDAP, the Centrify Cloud Directory, or external users.
It can also enable SSO from federated business partners. Because administrators don’t need to create a new directory infrastructure, they can begin provisioning users in minutes.
Centrify provides a generic SAML template to connect to custom SAML apps. Centrify also provides preconfigured SAML connectors for popular applications including Salesforce, Workday, Concur, AWS, Google Apps, Zendesk and Dropbox, and hundreds of others. Centrify also supports other protocols like WS-Federation for apps like Office 365.
Benefits of Centrify’s SAML Integration
- Provide SSO using authentication with Active Directory, LDAP, the Centrify Cloud Directory, or external users
- Secure your applications through deep integration with One Time Password Multi-factor authentication
- Simplify IT management with a single application interface and user directory
- Increase employee productivity with a single portal to access all their applications using existing credentials
- Reduce password loss and minimize IT help desk password resets
- Automatically provision and de-provision users and apps by Active Directory group
- Increase application ROI with automated license provisioning and de-provisioning