SAML-related terms to know
Identity federation
Identity federation is the process of delegating authentication responsibility to trusted identity providers. SAML and similar technologies, like OAuth and Web Services Federation (WS-Fed), rely on identity federation to securely re-use existing credentials in multiple applications.
SAML assertions
SAML assertions are the statements an identity provider sends to a service provider that contain authentication, attribute, or authorization decision information. For example, a SAML assertion can provide either a Yes (authenticated) or No (authentication failed) response to a service provider.
Single sign-on (SSO)
SSO is a way to sign in to multiple applications while entering login credentials only once. With Duo SSO, for example, users can log in to a single, MFA-protected dashboard to gain access to all of their applications, both cloud-based and native.
SAML tokens
SAML tokens are XML-formatted documents that contain the claims or SAML assertions that one entity makes about another. For example, an identity provider can claim or assert that a user is indeed who they say they are. The identity provider's security token service digitally signs the SAML token as proof to the service provider.
Lightweight Directory Access Protocol (LDAP)
LDAP is an open standard used to access directory information over an IP network. While SAML and LDAP are both authentication protocols, they function differently and are used for different purposes. For example, LDAP is often used for on-premises authentication, while SAML extends user credentials to cloud applications.