What is SAML?
Today, enterprise employees use a vast number of applications. These can be applications hosted in-house or external cloud web applications run by partners and vendors. Seemingly, the use of the latter is growing day by day.
71% of organizations will be using cloud by the end of 2017.
Securing access to in-house hosted applications is straightforward, since all users and applications are in the same security domain, where a central Identity Management (IdM) system can identify and authenticate users. You just type your password and log in. However, access to external Software as a Service (SaaS) applications, such as a cloud-based encryption solution, is more challenging. Since these SaaS applications do not have access to the organization’s IdM system, they need to maintain their own user credentials.
As the number of external SaaS applications grows, memorizing different user IDs and passwords for different applications becomes the main risk of security breaches, as users often choose the same password for multiple applications. It isn’t the user’s fault.
63% of organizations identify security and privacy as the top inhibitors to public cloud adoption.
So, what can enterprises do?
The answer is identity federation. It solves these challenges by using standards-based policies and protocols to manage and enforce users’ access to cross-domain applications. It enables business partners to allow secure access to internal resources without having to assume the burden of maintaining credentials for users who belong to their business partners. The keys to a successful implementation of identity federation are standardized mechanisms and formats for communicating identity information between the domains. The Security Assertion Markup Language (SAML) defines just such a standard. SAML offers a number of advantages:
- Eliminates the need to maintain multiple credentials in multiple locations;
- Reduces the opportunity for identity theft – eliminates multiple credentials;
- Diminishes phishing opportunities – users don’t have to log in over the internet using login forms;
- Increases application access by removing usage barriers. Users can simply click on a link to log in, and there’s no need to type passwords;
- Increases efficiency and reduces costs of administration by eliminating help desk calls to recover or reset passwords and efforts to remove duplicate credentials;
- Enhances user experience – users are happy since they can get direct access to the application without the hassle of remembering multiple passwords.
Single sign-on is key to successful user adoption. Echoworx’s secure messaging solution, OneWorld Enterprise Encryption, leverages industry-standard protocols such as Security Assertion Markup Language (SAML) and OAuth for full support of Single Sign-On (SSO), creating seamless customer experiences and driving encryption adoption.
For a more detailed explanation of what SAML is, how it works, why it’s important, and a look at some of the most common business use case scenarios, our White Paper “SAML 101: What, Why, How” may be of interest to you.
By Paul Jong, Application Architect at Echoworx