SAML 2.0
  • 17 May 2021


Overview

Security Assertion Markup Language 2.0 (SAML 2.0) is an open standard protocol that enables Single Sign-On (SSO) by providing authentication and authorization to web-based applications, in this case your Document360 projects.

There are three primary entities to consider in this process:

  1. The Identity Provider (IdP), which you can choose from Okta, Azure AD, or Google SSO
  2. The Service Provider (SP), which is Document360
  3. The User Agent, which is the reader's web browser

How does SAML 2.0 SSO work?

With SAML 2.0, a trust relationship is established between the Service Provider and the Identity Provider (IdP) by exchanging XML metadata (entity IDs, endpoints, and signing certificates).

  1. When an SSO user wants to access the Service Provider (the Document360 Knowledge base), they must first authenticate with the IdP
  2. After authentication, the user is authorized by the IdP
  3. The IdP generates a SAML Assertion containing the user's identifier information and digitally signs it
  4. The SAML Assertion is sent to the Service Provider via the User Agent (the user's web browser)
  5. The Service Provider then validates the Assertion (signature, issuer, audience, and validity window)
  6. As the Service Provider holds a trust relationship with the IdP, the user is allowed access

As the authentication is already completed by the IdP, the user has the privilege of Single Sign-On and can access other Service providers configured with the IdP.
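The checks behind step 5 are what make the trust relationship safe to rely on: the Service Provider must confirm that the assertion was signed by the IdP it exchanged metadata with, was issued for this SP, and is still inside its validity window before it logs anyone in. The following is an added illustration, not Document360's code. It uses only the Python standard library; the IdP entity ID, SP entity ID, assertion XML, and timestamps are constructed sample values, and XML-Signature verification is delegated to a caller-supplied callable because the standard library cannot do XML-DSig (in production that callable would wrap a real library such as signxml, using the IdP certificate from the metadata exchange).

```python
"""Service Provider side checks on a SAML 2.0 assertion (added example).

`validate_assertion` is a hypothetical helper: it parses the assertion XML and
checks Signature presence, Issuer, the Conditions validity window, Audience,
and the Subject NameID. Cryptographic signature verification is supplied by
the caller as `verify_signature(xml_text) -> bool`.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


@dataclass(frozen=True)
class TrustConfig:
    """What the SP learns from the metadata exchange (constructed values)."""
    idp_entity_id: str                            # must equal <saml:Issuer>
    sp_entity_id: str                             # must appear in <saml:Audience>
    clock_skew: timedelta = timedelta(minutes=2)  # tolerance for IdP/SP clock drift


class SamlValidationError(ValueError):
    """Raised when the assertion must not be trusted."""


def _xs_datetime(value: str) -> datetime:
    """Parse an xs:dateTime such as 2021-05-17T10:00:00Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text: str, cfg: TrustConfig, now: datetime,
                       verify_signature: Callable[[str], bool]) -> str:
    """Return the Subject NameID if every check passes, else raise."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['saml']}}}Assertion":
        raise SamlValidationError("root element is not a saml:Assertion")
    # 1. Signature first: nothing below is trustworthy until it is verified.
    if root.find("ds:Signature", NS) is None or not verify_signature(xml_text):
        raise SamlValidationError("missing or invalid XML signature")
    # 2. Issuer must be the IdP we exchanged metadata with.
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != cfg.idp_entity_id:
        raise SamlValidationError(f"unexpected issuer {issuer!r}")
    # 3. Validity window from <Conditions>, allowing a little clock skew.
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("assertion has no Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _xs_datetime(not_before) - cfg.clock_skew:
        raise SamlValidationError("assertion not yet valid")
    if not_on_or_after and now >= _xs_datetime(not_on_or_after) + cfg.clock_skew:
        raise SamlValidationError("assertion has expired")
    # 4. Audience: the assertion must have been minted for this SP, not another one.
    audiences = [a.text.strip() for a in
                 cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if cfg.sp_entity_id not in audiences:
        raise SamlValidationError(f"audience {audiences} does not include this SP")
    # 5. The identity that will be logged in.
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        raise SamlValidationError("assertion has no Subject NameID")
    return name_id


def rejection_reason(xml_text: str, cfg: TrustConfig, now: datetime,
                     verify_signature: Callable[[str], bool]) -> Optional[str]:
    """Convenience wrapper: the failure message, or None if the assertion is accepted."""
    try:
        validate_assertion(xml_text, cfg, now, verify_signature)
    except SamlValidationError as exc:
        return str(exc)
    return None


# Constructed sample data (not real identifiers).
CFG = TrustConfig(idp_entity_id="https://idp.example.com/metadata",
                  sp_entity_id="https://docs.example.com/saml")
NOW_OK = datetime(2021, 5, 17, 10, 2, tzinfo=timezone.utc)
NOW_LATE = NOW_OK + timedelta(minutes=10)
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed1" Version="2.0"
    IssueInstant="2021-05-17T10:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <ds:Signature><ds:SignatureValue>constructed-placeholder</ds:SignatureValue></ds:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">reader@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2021-05-17T09:59:00Z" NotOnOrAfter="2021-05-17T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://docs.example.com/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def demo() -> dict:
    """Exercise the accept path and three common rejection paths."""
    accept = lambda _xml: True   # stands in for a real XML-DSig check that passes
    reject = lambda _xml: False  # stands in for a signature that fails to verify
    other_sp = TrustConfig(CFG.idp_entity_id, "https://other.example.net/saml")
    return {
        "accepted_as": validate_assertion(SAMPLE_ASSERTION, CFG, NOW_OK, accept),
        "expired": rejection_reason(SAMPLE_ASSERTION, CFG, NOW_LATE, accept),
        "bad_signature": rejection_reason(SAMPLE_ASSERTION, CFG, NOW_OK, reject),
        "wrong_audience": rejection_reason(SAMPLE_ASSERTION, other_sp, NOW_OK, accept),
    }


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the signature is verified before any field is read, because an unsigned or tampered assertion tells the SP nothing, and the Audience check is what stops an assertion issued for one Service Provider from being replayed at another one that trusts the same IdP.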