SAML
SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data between identity providers and service providers.
Why It Matters
SAML is the backbone of enterprise SSO, used by Okta, Azure AD, and most corporate identity providers. It enables centralized authentication but doesn't solve the API key management problem — employees authenticated via SAML still need API keys for programmatic access.
How It Works
The user authenticates with the identity provider (IdP), which generates a SAML assertion (an XML document containing identity claims). The assertion is sent to the service provider (SP), which validates the signature and grants access based on the claims.
Best Practices
- Validate SAML assertion signatures rigorously
- Check assertion expiration and audience restrictions
- Use HTTPS for all SAML endpoints
- Implement proper session management after SAML authentication
Common Mistakes
- Not validating the assertion signature (allows forged assertions)
- Ignoring audience restrictions
- Not implementing single logout
How ShieldKey Helps
ShieldKey complements SAML-based SSO. While SAML handles user authentication, ShieldKey handles API key access control — ensuring that authenticated users only get the specific API access they need via Shield Tokens.
FAQ
What is SAML?
SAML is an enterprise authentication standard that lets you log in to multiple services with one identity. It's used by corporate SSO solutions like Okta, Azure AD, and OneLogin.