Security Assertion Markup Language (SAML) is a protocol for authenticating users to web applications. It simplifies the login experience for users by allowing access to multiple applications with one set of credentials. SAML is also the underlying protocol that makes web-based single sign-on (SSO) possible and provides a way for users to authenticate themselves when logging into third-party apps.
SAML uses a single login page, with its own identity store and various authentication rules, to enable users to log into all web apps from one screen with one password. This means users aren't forced to maintain and reuse passwords for each app they need to access, and passwords aren't potentially exposed to these or other third-party apps.
SAML functions through some key technologies that happen behind the scenes, including:
SAML simplifies login experiences for users, strengthens security, and reduces costs and complexity for service providers. People can securely re-use the credentials they already have for many different applications.
The SAML process is briefly visible to users through web browser redirects, but they do not have to configure or manage anything. Because SAML happens behind the scenes, users can just enjoy the simplified login experience it provides.
Service providers offer the applications that users want to access. They configure their applications to establish and trust SAML connections through one or more identity providers.
Identity providers handle authentication requests and pass identity and authorization information back to service provider applications. The Cisco Security Technology Alliance program includes several third-party identity providers.
Yes, technologies like Duo multi-factor authentication and Duo single sign-on work together to simplify and secure the login experience through SAML.