eastbaycyber

What Is SAML?

Glossary 5 min read
EC
East Bay Cyber Editorial Team Reviewed 2026-05-13
Definition

Disclaimer: This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.

SAML, short for Security Assertion Markup Language, is an identity standard that lets users sign in once and access multiple applications through single sign-on (SSO). Instead of every app authenticating the user separately, SAML allows a trusted identity system to verify the user and send that result to the application.

In practice, SAML is widely used in enterprise identity environments for workforce access to SaaS apps, internal portals, and business systems.

SAML definition

SAML is an open standard for exchanging authentication and authorization information between two parties:

  • an identity provider (IdP)
  • a service provider (SP)

The identity provider authenticates the user. The service provider is the app or service the user wants to access. The service provider trusts the identity provider’s signed assertion that the user has already been verified.

That trust relationship is what enables SSO.

How SAML works

At a high level, SAML shifts authentication away from individual apps and centralizes it in an identity platform.

The user tries to access an application

A user opens an app that is configured for SAML. Instead of immediately asking for a local password, the app knows that authentication should come from the organization’s identity provider.

The user is redirected to the identity provider

The service provider sends the user to the IdP. This is where the user signs in with corporate credentials and, in many environments, completes MFA or other access checks.

The identity provider authenticates the user

If the login succeeds, the identity provider creates a SAML assertion. This is a signed message that says the user has been authenticated and may include additional identity attributes such as:

  • username or email address
  • group membership
  • role information
  • department
  • other required claims

The assertion is sent back to the application

The browser sends the assertion to the service provider. The application verifies the signature, checks that the assertion came from a trusted source, and confirms that it is still valid.

Access is granted

If validation succeeds, the application creates a session for the user and grants access without requiring a separate password for that app.

That is the core SAML model: the application trusts the identity provider’s signed authentication result.

Why organizations use SAML

SAML is common because it reduces password sprawl and centralizes control over user access.

Benefits typically include:

  • single sign-on across multiple applications
  • centralized authentication policy
  • consistent MFA enforcement
  • easier onboarding and offboarding
  • better visibility into sign-in activity
  • less reliance on app-specific passwords

For security teams, the biggest advantage is policy control. Instead of configuring login protections in every application separately, the organization can enforce them at the identity provider.

If you are comparing authentication standards, see our guide to what is webauthn for a modern phishing-resistant sign-in approach.

SAML security considerations

SAML can improve security, but it also concentrates trust in the identity layer. If an attacker compromises the identity provider, federation settings, or signing certificates, the impact can be broad because many connected apps rely on that trust.

Security teams usually pay close attention to:

  • weak MFA policies at the IdP
  • overly broad app assignments
  • excessive group mappings
  • long-lived sessions
  • misconfigured trust relationships
  • poor certificate lifecycle management
  • gaps in logging and alerting

SAML is not just a convenience feature. It is a high-value part of the identity attack surface.

For organizations building stronger access controls around central identity, our primer on what is zero trust explains the broader security model.

When you’ll encounter SAML

You will usually encounter SAML in enterprise identity and access management work.

Single sign-on projects

SAML is one of the most common standards used when an organization wants employees to authenticate once and use many business apps through a central identity platform.

SaaS onboarding

When a company adds a new cloud app, security or IT teams often configure SAML so the service uses corporate authentication instead of separate local credentials.

Identity governance and offboarding

Because SAML centralizes authentication, it often appears in access reviews, role mapping, and employee offboarding workflows.

MFA and conditional access rollouts

Organizations frequently use SAML-connected apps to extend stronger login controls like MFA, device checks, and location-based restrictions across many services.

Incident response and account compromise

SAML is relevant in investigations because SSO logs, app trust settings, and IdP activity often help explain how an attacker gained access and which connected services were exposed.

SAML is often grouped with other identity technologies, but they are not identical.

SSO

Single sign-on is the user experience or access model. SAML is one protocol used to enable that model.

Identity provider

The identity provider is the system that authenticates users and issues SAML assertions.

Service provider

The service provider is the application that trusts the identity provider and grants access based on that assertion.

Federated identity

Federated identity is the broader trust model where one system authenticates users for another. SAML is one way to implement federation.

OAuth 2.0 and OpenID Connect

These are newer standards commonly used by modern applications and APIs. Many enterprises still use SAML heavily, especially for older SaaS and internal web apps, while newer environments may prefer OIDC.

Practical best practices for SAML deployments

To get security value from SAML, organizations usually need more than just basic integration. Good practices include:

  • requiring MFA at the identity provider
  • limiting app assignments by role
  • reviewing group-to-app mappings regularly
  • protecting signing certificates and rotating them safely
  • shortening sessions where appropriate
  • logging IdP and service provider events
  • disabling local app passwords when SSO is in place

For individuals managing many credentials outside enterprise SSO, a password manager such as Try 1Password → can still help reduce password reuse, though it serves a different purpose than SAML.

Final takeaway

SAML is a standard that enables trusted single sign-on between an identity provider and an application. It helps organizations centralize authentication, extend MFA, and reduce app-specific password sprawl.

If your organization uses centralized login for SaaS apps, internal portals, or workforce access, SAML is one of the identity standards you will encounter most often.

Last verified: 2026-05-13

Disclaimer: This article may contain affiliate links. We earn a commission on qualifying purchases at no extra cost to you.