SAML (Security Assertion Markup Language) is a means by which authentication and authorisation data are exchanged between a third-party service (the Service Provider, SP) and an existing IdP (Identity Provider).
SAML is commonly used within business environments to provide a secure login to existing systems. User credentials are centralised in an IdP (Identity Provider platform) and SAML provides a means to query the IdP without exposing those credentials to the service. SAML is widely supported by most IdP platforms.
Users within an organisation sign in to services by authenticating against their organisation's IdP. By doing so, sensitive login credentials are never shared with the service.
The user will typically arrive at the service they wish to use and, upon attempting to log in, be redirected to or served with their organisation's login mechanism. This could, for example, include verification of a one-time physical token. If the login succeeds, the service the user wishes to use receives any requested user information and allows the user to interact with the service accordingly.
The IdP determines what user information is permitted to be shared, such as a name or contact details. The interaction and exchange of information between the service and the IdP is handled by SAML.
In addition to ensuring that login credentials are never shared, and avoiding the need to rely on users to generate secure passwords, keeping user credentials centralised in the IdP means user accounts can be centrally managed to prevent lost or orphaned accounts.
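The checks a service provider should apply to the information the IdP sends back, as an added example that is not part of the original text and not taken from any particular SAML library: the SAML Response below is a constructed sample with a placeholder signature, and the IdP and SP URLs are assumed values.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample response; the signature value is a placeholder, not a real one.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml</saml:Audience>
   </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.org</saml:AttributeValue>
   </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""

def _ts(s):
    # SAML timestamps are UTC "Z" strings; fromisoformat needs an explicit offset.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def validate_assertion(xml_text, expected_issuer, expected_audience, now):
    """Return (ok, reason, attributes). `now` is an ISO-8601 UTC timestamp string."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return False, "no assertion in response", {}
    # An unsigned assertion carries no proof it came from the IdP; reject it outright.
    if assertion.find("ds:Signature", NS) is None:
        return False, "assertion is unsigned", {}
    if assertion.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        return False, "issuer is not the trusted IdP", {}
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element", {}
    if not (_ts(cond.get("NotBefore")) <= _ts(now) < _ts(cond.get("NotOnOrAfter"))):
        return False, "assertion outside its validity window", {}
    # Audience restriction stops an assertion issued for another SP being accepted here.
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "audience does not match this service", {}
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return True, "ok", attrs
```

Cryptographic verification of the signature against the IdP's published certificate, and matching the response to the outstanding login request, are left to an XML-DSig library; the checks shown here are the ones that are most often skipped.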