Security Assertion Markup Language (SAML 2.0) is an open standard protocol that enables Single Sign-On (SSO) by providing authentication and authorization to web-based applications, in this case your Document360 projects.
There are three prime entities to consider in this process:
- The Identity Provider (IdP); you can choose Okta, Azure AD, or Google SSO
- The Service provider, which is Document360
- The User Agent, which is the reader's web browser
How does SAML 2.0 SSO work?
With SAML 2.0, a trust relationship is established between the Service provider and the Identity Provider (IdP) by exchanging XML metadata.
- When an SSO user wants to access the Service provider (the Document360 Knowledge base), they must first authenticate with the IdP
- After authentication, the IdP authorizes the user
- The IdP generates a SAML Assertion containing the user's identifier information and digitally signs it
- The SAML Assertion is sent to the Service provider via the User agent (the user's web browser)
- The Service provider then validates the Assertion
- Because the Service provider holds a trust relationship with the IdP, the user is granted access
Because authentication has already been completed by the IdP, the user has Single Sign-On and can also access any other Service providers configured with the same IdP.