CLOUD SECURITY - isn't that the norm now? With every web application requiring some form of authentication, we sometimes feel like a circus clown juggling multiple usernames and passwords! God forbid we forget one; then we are sent down a long, winding and very often confusing path to regain access to that website.
It is in this frustrating scenario that Single Sign-On (SSO) has a major role to play. SSO is a centralized login system that authenticates the user once, with a single set of credentials, and then lets that one login be trusted by many applications.
Security Assertion Markup Language (SAML) is an open standard that lets us achieve SSO in a secure and relatively simple way.
What is this miracle standard, you ask?
SAML is an XML-based, open-standard data format for exchanging authentication and authorization data between an identity provider and a service provider.
In English, this means you can use a third-party identity provider, or run your own, to tell the service provider who the user is, in the form of a digitally signed XML document called an assertion. The user's password is never sent to the service provider; what it receives is the identity provider's signed statement that it has authenticated the user.
Imagine this scenario. You log on to your website and there is:
- No need to type in credentials.
- No need to remember and renew passwords.
- No weak passwords.
- Less cost and time spent on password support.
Instead, you are automatically logged in and can access your profile details in a jiffy.
Well, most organizations already know the identity of users because they are logged in to their Active Directory domain or intranet. It does make sense for us to use this information to log users into other applications, such as web-based applications, and one of the more elegant ways of doing this is by using SAML.
How does SAML work?
SSO with SAML gives faster, easier and trusted access to cloud applications without the service provider ever seeing or storing the user's password, and without requiring users to log in to each application individually.
On a technical note, this is how it actually runs.
There are 3 main entities at work here:
- User: the person who requests the service.
- Service Provider (SP): the organization that hosts the target websites, applications and services (for example, Zoho).
- Identity Provider (IdP): the organization that maintains the directory of users and their identities, and authenticates them.
Here is the SAML flow diagram:
A trust is established between the Identity Provider and the Service Provider when SAML is configured: the two exchange metadata, so the SP knows the IdP's entity ID, SSO URL and signing certificate, and the IdP knows the SP's entity ID and Assertion Consumer Service (ACS) URL. The IdP's signing certificate is what lets the SP verify that a SAML Response really came from the IdP and was not altered on the way.
Now, the login flow can happen in two ways.
User tries to log in at the Service Provider. (Zoho)
- The user is redirected to the IdP's SSO URL, carrying a SAML AuthnRequest from the SP.
- The IdP validates the credentials provided by the user.
- A SAML Response (XML) containing the signed assertion, the status of authentication and any additional user attributes is created and sent back to the SP through the user's browser, typically as an HTTP POST to the SP's ACS URL.
- The SP validates the SAML Response: it verifies the signature against the IdP's certificate, checks that the assertion was issued to it (audience and destination), that it is inside its validity window, that it answers a request the SP actually sent, and that it has not been seen before.
- If the SAML Response is valid, a session is created for the user.
User tries to log in at the Identity Provider.
- The user authenticates directly at the IdP, the organization's identity provider portal.
- A list of apps (service providers) configured for the user is displayed.
- When the user clicks the required app, the IdP sends an unsolicited SAML Response to that Service Provider's ACS URL through the user's browser.
- The Service Provider validates the SAML Response and creates a session for the user on successful validation. Because no AuthnRequest preceded it, the SP cannot match this response to a request it sent, so the remaining checks (signature, issuer, audience, destination, validity window and replay) carry the full weight.
Note: These validations are transparent to the end user.
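The validation steps the SP performs in both flows above, written out as an added example; this is not Zoho's code and not part of the original post. It assumes the XML signature on the assertion has already been verified with an XML-DSig library (for example xmlsec), which is deliberately outside this block, and every entity ID, URL, request ID, timestamp and the sample Response itself is constructed for the example. Passing `pending_request_ids=None` models the IdP-initiated flow, where an unsolicited response must not claim to answer a request.

```python
import datetime as dt
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree on untrusted input

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed SP configuration for the example (hypothetical entity IDs and ACS URL).
SP_CONFIG = dict(idp_entity_id="https://idp.example.com",
                 sp_entity_id="https://sp.example.com",
                 acs_url="https://sp.example.com/saml/acs")
# Fixed "now" so the constructed sample validates deterministically.
CONSTRUCTED_NOW = dt.datetime(2024, 1, 1, 12, 1, tzinfo=dt.timezone.utc)

# Constructed sample Response as the IdP would POST it to the ACS URL; the ds:Signature
# element is omitted because signature verification happens before these checks.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
 IssueInstant="2024-01-01T12:00:00Z" Destination="https://sp.example.com/saml/acs" InResponseTo="_req42">
 <saml:Issuer>https://idp.example.com</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
   <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T12:05:00Z"
     Recipient="https://sp.example.com/saml/acs" InResponseTo="_req42"/>
   </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""


class SamlError(Exception):
    """Any failed check: the SP must not create a session."""


def _ts(value):
    return dt.datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=dt.timezone.utc)


def validate_response(xml_text, *, idp_entity_id, sp_entity_id, acs_url,
                      pending_request_ids, seen_assertion_ids, now, skew=dt.timedelta(seconds=60)):
    """Return the authenticated NameID or raise SamlError.
    pending_request_ids: IDs of AuthnRequests this SP sent (SP-initiated flow), or None for
    the IdP-initiated flow, in which an unsolicited response must carry no InResponseTo.
    seen_assertion_ids: persistent set of accepted assertion IDs, used to reject replays."""
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if root.tag != "{%s}Response" % NS["samlp"] or status is None or status.get("Value") != SUCCESS:
        raise SamlError("not a successful samlp:Response")
    if root.get("Destination") != acs_url:
        raise SamlError("Destination is not our ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # exactly one assertion; extra or wrapped ones are rejected
        raise SamlError("expected exactly one Assertion")
    a = assertions[0]
    if a.findtext("saml:Issuer", namespaces=NS) != idp_entity_id:
        raise SamlError("Assertion issued by an unexpected IdP")
    conds = a.find("saml:Conditions", NS)
    if conds is None or conds.get("NotOnOrAfter") is None:
        raise SamlError("Conditions with NotOnOrAfter are required")
    if conds.get("NotBefore") and now + skew < _ts(conds.get("NotBefore")):
        raise SamlError("assertion not yet valid")
    if now - skew >= _ts(conds.get("NotOnOrAfter")):
        raise SamlError("assertion expired")
    if sp_entity_id not in [e.text for e in conds.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise SamlError("assertion was issued for a different SP")
    confirmed = False
    for sc in a.findall("saml:Subject/saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") != BEARER or data is None or data.get("Recipient") != acs_url:
            continue
        if data.get("NotOnOrAfter") is None or now - skew >= _ts(data.get("NotOnOrAfter")):
            continue
        in_response_to = data.get("InResponseTo")
        if pending_request_ids is None:  # IdP-initiated: must be unsolicited
            if in_response_to is not None:
                continue
        elif in_response_to not in pending_request_ids:  # SP-initiated: must answer our request
            continue
        confirmed = True
    if not confirmed:
        raise SamlError("no acceptable bearer SubjectConfirmation")
    assertion_id = a.get("ID")
    if not assertion_id or assertion_id in seen_assertion_ids:
        raise SamlError("missing or replayed assertion ID")
    seen_assertion_ids.add(assertion_id)
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SamlError("no NameID")
    return name_id


def demo():
    """Accept the sample once, then show which later attempts are rejected and why."""
    seen = set()
    outcomes = {"user": validate_response(SAMPLE_RESPONSE, pending_request_ids={"_req42"},
                                          seen_assertion_ids=seen, now=CONSTRUCTED_NOW, **SP_CONFIG)}
    attempts = {"replay": dict(pending_request_ids={"_req42"}, seen_assertion_ids=seen),
                "idp_initiated_but_has_inresponseto": dict(pending_request_ids=None, seen_assertion_ids=set()),
                "unknown_request_id": dict(pending_request_ids={"_other"}, seen_assertion_ids=set())}
    for label, kwargs in attempts.items():
        try:
            validate_response(SAMPLE_RESPONSE, now=CONSTRUCTED_NOW, **SP_CONFIG, **kwargs)
            outcomes[label] = "accepted"
        except SamlError as err:
            outcomes[label] = str(err)
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The order matters: the signature is checked first (outside this block), and only then are the signed contents trusted enough to read. Every check here rejects on a missing field rather than skipping it, and the `seen_assertion_ids` set must be shared across all SP nodes (a database or cache, not a per-process set) for the replay check to hold in production.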
We have made setting up SAML for your organization as simple as we can.