SAML (Security Assertion Markup Language) is an XML-based open standard that allows an Identity Provider (IdP) to securely pass authentication data to a Service Provider (SP), enabling SSO across platforms built on entirely different technology stacks.
The SAML SSO flow:
- User tries to access a Service Provider (e.g., Salesforce).
- The SP redirects the user to the IdP with a SAML AuthnRequest.
- The IdP authenticates the user and generates a signed SAML assertion.
- The assertion — containing the user’s identity, attributes, and permissions — is sent back to the SP.
- The SP validates the digital signature and grants access.
SAML’s strength lies in its platform neutrality; a Java-based IdP can authenticate users into a PHP app, a .NET portal, and a SaaS tool simultaneously because all they exchange is a signed XML document. It is supported by virtually every major SaaS platform, including Salesforce, Google Workspace, Microsoft 365, ServiceNow, and Workday.