SAML - what is it?
What, why and how
SAML is a secure XML-based authentication service
What it is, how it works and why it is important
SAML is a secure XML-based communication mechanism for communicating identities between organizations.
The name is an acronym for Security Assertion Markup Language.
The key thing about SAML is its primary use case: it enables Internet SSO.
SAML eliminates the need to maintain multiple authentication credentials, such as passwords in multiple locations.
1) SAML increases security by eliminating the need for credentials, which eliminates the opportunities for identity theft.
It also eliminates phishing opportunities by reducing the number of times a user needs to log in through one of those user login forms.
Recently a SaaS application was subjected to a successful phishing attack.
2) SAML also increases application access, by eliminating barriers to application usage.
3) You no longer need to type in a password; you simply click on a link and you are there in the application.
4) SAML eliminates administrative time and cost, by eliminating the duplicate efforts to maintain duplicate credentials and also by eliminating all those extra helpdesk calls to reset lost passwords.
Working:
So how does SAML work?
There are three entities involved:
a) The user
b) An organization that maintains the directory of users and an authentication mechanism, called the Identity Provider or IDP
c) The organization that hosts the target application or service, called the Service Provider or SP
These three are related.
The user has an account at the IDP.
The service provider could be a SaaS CRM provider.
The IDP and SP are related because they want to federate identities.
In this instance it is a customer-supplier relationship.
[Diagram: Employee, Employer, Service Provider]
SAML User Access Working:
The way SAML works is that the user tries to access the application.
This can be done by clicking a link in a portal or by going directly to a URL on the internet.
When that happens, the federated identity software running at the IDP kicks into action.
It validates the user's identity and that the user is correctly authenticated.
It then constructs a specially formatted message containing information about that user, which it communicates to the federated identity software running at the Service Provider.
That software then confirms that the message has come from a known Identity Provider.
It creates a session for the specific user at the target application and allows the user to get direct access to that application.
This whole process, the SAML message being created and the operation of the two pieces of federated identity software at the IDP and the Service Provider, is completely transparent to the user.
No more proprietary SSO mechanisms
The third benefit is that users love it: users get direct access to the applications in order to get the job done.
There are dozens of cloud applications.
The proliferation of these non-standardized identities, many of which are weak, forgotten or lost, adds significant corporate risk and management expense, while also frustrating users.
To help secure cloud identities -
SAML is secure