Security Assertion Markup Language (SAML) is an XML-based framework for communicating user authentication, entitlement, and attribute information. Using SAML, an organization can centralize employee identity and authentication. Once authenticated, employees can access other protected resources in the organization without needing to re-authenticate. SAML enables web-based Single Sign-On (SSO) by redirecting the browser to a centralized authentication service when the user has not been authenticated. The main actors in a SAML environment are:
- Identity Provider - The service responsible for authentication.
- Service Provider - The protected resource required by your employee.
SAML-based SSO is available to both on-demand (V1 hosted) and on-premise VersionOne customers. Using SAML, VersionOne integrates with your SSO environment and defers to your identity provider for user authentication when anyone attempts to access your VersionOne instance. This eliminates the need for separate credentials managed inside VersionOne. It also gives you better control over authentication and access, and more flexibility with password rules for your users.
The following diagram illustrates SAML SSO using the VersionOne web application:
- This diagram illustrates an unauthenticated user flow that starts with the user trying to access the VersionOne web application.
- VersionOne requires external (3rd party) software to fulfill the Service Provider role, which is why VersionOne and the Service Provider are shown as separate entities.
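
The unauthenticated flow described above, seen from the Service Provider's side, as an added example (not VersionOne's code or that of any Service Provider product). It goes slightly beyond the page by carrying the request in the SAML 2.0 HTTP-Redirect binding; the URLs, the entity ID and the `session` dictionary are assumptions made for illustration.

```python
import base64
import datetime
import uuid
import zlib
from urllib.parse import parse_qs, urlencode, urlparse
from xml.etree import ElementTree as ET

# Assumed values for illustration; none come from the page or from VersionOne.
IDP_SSO_URL = "https://idp.example.com/sso"
SP_ENTITY_ID = "https://sp.example.com/metadata"
SP_ACS_URL = "https://sp.example.com/saml/acs"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def build_authn_request(request_id):
    """Return a minimal SAML 2.0 AuthnRequest as XML bytes."""
    now = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": now,
        "Destination": IDP_SSO_URL, "AssertionConsumerServiceURL": SP_ACS_URL})
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    return ET.tostring(root)


def redirect_for(session, requested_url):
    """Service Provider gate: None if already authenticated, else the IdP redirect URL."""
    if session.get("user"):
        return None
    # The ID (an XML ID, so it must not start with a digit) is compared with the
    # response's InResponseTo later. The original URL stays server-side; only an
    # opaque RelayState travels through the browser.
    pending = {"request_id": "_" + uuid.uuid4().hex,
               "relay_state": uuid.uuid4().hex, "return_to": requested_url}
    session["pending"] = pending
    # HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encode.
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(build_authn_request(pending["request_id"])) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": pending["relay_state"]})
    return f"{IDP_SSO_URL}?{query}"


def decode_saml_request(url):
    """Reverse the encoding, as an Identity Provider or a log reviewer would."""
    value = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return ET.fromstring(zlib.decompress(base64.b64decode(value), -15))
```

Decoding the `SAMLRequest` parameter this way is also how a redirect captured in a proxy or web server log can be inspected during troubleshooting.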