What Is SAML?

Security Assertion Markup Language (SAML) is a protocol for authenticating users to web applications. It simplifies the login experience for users by allowing access to multiple applications with one set of credentials. SAML is also the underlying protocol that makes web-based single sign-on (SSO) possible and provides a way for users to authenticate themselves when logging into third-party apps.

How does SAML work?

SAML uses a single login page, with its own identity store and various authentication rules, to enable users to log into all web apps from one screen with one password. This means users aren't forced to maintain and reuse passwords for each app they need to access, and passwords aren't potentially exposed to these or other third-party apps.

SAML functions through some key technologies that happen behind the scenes, including:

  • Identity provider: The tool or service that performs the authentication and invokes two-factor authentication, such as Duo Access Gateway.
  • Service provider: The web app to which users are trying to gain access.
  • SAML assertion: A message that asserts a user's identity and other identifying factors, sent via browser redirects.

What are the benefits of SAML?

SAML simplifies login experiences for users, strengthens security, and reduces costs and complexity for service providers. People can securely re-use the credentials they already have for many different applications.

What role do users play in SAML?

The SAML process is briefly visible to users through web browser redirects, but they do not have to configure or manage anything. Because SAML happens behind the scenes, users can just enjoy the simplified login experience it provides.

How do service providers use SAML?

Service providers offer the applications that users want to access. They configure their applications to establish and trust SAML connections through one or more identity providers.

What do identity providers do?

Identity providers handle authentication requests and pass identity and authorization information back to service provider applications. The Cisco Security Technology Alliance program includes several third-party identity providers.

Does SAML support multi-factor authentication?

Yes, technologies like Duo multi-factor authentication and Duo single sign-on work together to simplify and secure the login experience through SAML.