SAML Single Sign-On (SSO) Flow
Understand the basic SSO flow implemented using SAML.
Single Sign-On in SAML Explained
Single Sign-On (SSO) is a user authentication process that allows individuals to access multiple applications or services with a single login.
SAML (Security Assertion Markup Language) SSO, in particular, is a widely adopted standard for achieving this seamless authentication experience. With SAML SSO, a user logs in once to an Identity Provider (IdP), such as an organization's authentication service or identity management system, and gains access to various Service Providers (SPs) without the need for separate logins. The following sequence diagram illustrates the key steps of this SAML SSO flow.
The user requests access to a service or application provided by the Service Provider (SP).
The SP initiates the SSO flow by redirecting the user's browser to the Identity Provider (IdP) for authentication. This step includes sending a SAML authentication request.
The IdP presents an authentication page to the user, prompting them to enter their credentials.
The user enters their credentials, and the IdP verifies the user's identity.
After successful authentication, the IdP generates a SAML Assertion and sends it to the User browser and then user browser passes it to SP.
The SP validates the SAML Assertion, ensuring it is signed and trusted.
If the SAML Assertion is valid, the SP authorize the user request.