Authorization Basics

SAML Single Sign-On (SSO) Flow

Understand the basic SSO flow implemented using SAML.

Single Sign-On in SAML Explained

Single Sign-On (SSO) is a user authentication process that allows individuals to access multiple applications or services with a single login.

SAML (Security Assertion Markup Language) SSO, in particular, is a widely adopted standard for achieving this seamless authentication experience. With SAML SSO, a user logs in once to an Identity Provider (IdP), such as an organization’s authentication service or identity management system, and gains access to various Service Providers (SPs) without the need for separate logins. The following sequence diagram illustrates the key steps of this SAML SSO flow.

Add Single Sign-On

Cloudentity can be easily configured to enable your apps to use Single Sign-On. Additionally, you can connect SAML-based IDPs, or register SAML Service Providers.

[mermaid-begin]
sequenceDiagram
  autonumber
  participant EndUser as End User
  participant SP as Service Provider (SP)
  participant IdP as Identity Provider (IdP)
  EndUser->>SP: Visit SP
  SP->>IdP: Redirect to IdP
  IdP->>EndUser: Authenticate User
  EndUser->>IdP: Provide Credentials
  IdP->>SP: Send SAML Response and Assertion
  SP->>SP: Verify SAML Response
  SP->>EndUser: Authorize User Request
  1. The user requests access to a service or application provided by the Service Provider (SP).

  2. The SP initiates the SSO flow by redirecting the user’s browser to the Identity Provider (IdP). The redirect carries a SAML authentication request (AuthnRequest), typically DEFLATE-compressed and base64-encoded in the SAMLRequest query parameter (HTTP-Redirect binding). The request identifies the SP and the Assertion Consumer Service (ACS) URL to which the answer must be returned; the SP keeps the request ID so it can later match the response to it.

  3. The IdP presents an authentication page to the user, prompting them to enter their credentials (if the user already has a session at the IdP, this step is skipped and no new prompt appears).

  4. The user enters their credentials, and the IdP verifies the user’s identity.

  5. After successful authentication, the IdP generates a SAML Response containing a signed SAML Assertion about the user and returns it to the user’s browser, which delivers it to the SP’s ACS URL, typically as an auto-submitted form (HTTP-POST binding). The browser is only a courier, so the SP must treat the message as untrusted input until it has verified it.

  6. The SP validates the SAML Response and Assertion. At minimum: the XML signature must verify against the IdP certificate the SP trusts, the Issuer must be the expected IdP, the Audience must be this SP, the current time must fall inside the NotBefore/NotOnOrAfter window (allowing a small clock skew), InResponseTo must match an AuthnRequest the SP actually issued, and an assertion ID that has already been consumed must be rejected to prevent replay.

  7. If all checks pass, the SP establishes a session for the user and authorizes the original request.
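The SP side of steps 2 and 5 to 7, as an added example that is not Cloudentity code or part of the original page: it builds the HTTP-Redirect AuthnRequest, then accepts a posted SAMLResponse only after the Issuer, Audience, validity window, InResponseTo, Recipient and replay checks pass. The entity IDs and URLs are assumed values, the IdP response is constructed inline (and unsigned), and XML-DSig verification is delegated to a callable that a real SP would wire to its XML-signature library; the example shows where that check sits in the order, not how to implement it.

```python
"""SP side of SAML Web Browser SSO: HTTP-Redirect out, HTTP-POST back.
Added example, not Cloudentity code. Entity IDs and URLs are assumed.
XML-DSig verification is delegated to the verify_xml_signature callable."""
import base64
import zlib
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlsplit
import xml.etree.ElementTree as ET  # a production SP should parse with defusedxml

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://sp.example.com/metadata"    # assumed
SP_ACS_URL = "https://sp.example.com/saml/acs"      # assumed
IDP_ENTITY_ID = "https://idp.example.com/metadata"  # assumed
IDP_SSO_URL = "https://idp.example.com/sso"         # assumed
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
CLOCK_SKEW = timedelta(minutes=3)   # tolerated drift between IdP and SP clocks

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

EXAMPLE_NOW = parse_time("2023-09-15T12:00:00Z")  # fixed "current time" for the demo

def build_redirect_url(request_id, issue_instant):
    """Step 2: AuthnRequest, raw-DEFLATEd, base64'd and URL-encoded (HTTP-Redirect binding)."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
           f'AssertionConsumerServiceURL="{SP_ACS_URL}" '
           'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
           f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>')
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw DEFLATE, no zlib header
    data = c.compress(xml.encode()) + c.flush()
    return IDP_SSO_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(data).decode()})

def decode_redirect_request(url):
    """What the IdP does with the SAMLRequest query parameter (inverse of the above)."""
    b64 = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(b64), -15).decode()

def validate_response(response_b64, expected_request_id, now, seen_ids, verify_xml_signature):
    """Steps 6-7: accept the POSTed SAMLResponse only if every check passes.
    Returns (NameID, attributes); raises ValueError tagged with the failing check."""
    raw = base64.b64decode(response_b64)
    if not verify_xml_signature(raw):   # must check the signature against the trusted IdP cert
        raise ValueError("signature: not signed by the trusted IdP certificate")
    root = ET.fromstring(raw)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("type: not a samlp:Response")
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("inresponseto: does not match the AuthnRequest this SP issued")
    if root.get("Destination", SP_ACS_URL) != SP_ACS_URL:
        raise ValueError("destination: not this SP's ACS URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("status: IdP did not report Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        raise ValueError("assertion: expected exactly one")
    a = assertions[0]
    if a.findtext("saml:Issuer", default="", namespaces=NS).strip() != IDP_ENTITY_ID:
        raise ValueError("issuer: not the configured IdP")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("conditions: missing")
    if (now + CLOCK_SKEW < parse_time(cond.get("NotBefore"))
            or now - CLOCK_SKEW >= parse_time(cond.get("NotOnOrAfter"))):
        raise ValueError("validity: assertion outside NotBefore/NotOnOrAfter window")
    audiences = [e.text.strip() for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("audience: assertion was not issued for this SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is not None and (scd.get("Recipient", SP_ACS_URL) != SP_ACS_URL
                            or scd.get("InResponseTo", expected_request_id) != expected_request_id):
        raise ValueError("subjectconfirmation: Recipient/InResponseTo mismatch")
    if a.get("ID") in seen_ids:   # bearer assertions are one-shot: same ID twice is a replay
        raise ValueError("replay: assertion ID already consumed")
    seen_ids.add(a.get("ID"))
    name_id = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    attrs = {att.get("Name"): [v.text for v in att.findall("saml:AttributeValue", NS)]
             for att in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return name_id, attrs

def rejection_reason(response_b64, request_id, now, seen_ids, verify):
    """None if the response is accepted, else the tag of the check that rejected it."""
    try:
        validate_response(response_b64, request_id, now, seen_ids, verify)
        return None
    except ValueError as e:
        return str(e).split(":", 1)[0]

def sample_response(request_id, not_before, not_on_or_after, audience=SP_ENTITY_ID, assertion_id="_a1"):
    """Constructed, unsigned IdP response standing in for step 5 (demo data only)."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" ID="_r1" '
           f'Version="2.0" IssueInstant="{not_before}" Destination="{SP_ACS_URL}" '
           f'InResponseTo="{request_id}"><saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
           f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
           f'<saml:Assertion ID="{assertion_id}" Version="2.0" IssueInstant="{not_before}">'
           f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
           '<saml:Subject><saml:NameID>alice@example.com</saml:NameID>'
           '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
           f'<saml:SubjectConfirmationData Recipient="{SP_ACS_URL}" InResponseTo="{request_id}" '
           f'NotOnOrAfter="{not_on_or_after}"/></saml:SubjectConfirmation></saml:Subject>'
           f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions>'
           '<saml:AttributeStatement><saml:Attribute Name="groups">'
           '<saml:AttributeValue>admins</saml:AttributeValue></saml:Attribute>'
           '</saml:AttributeStatement></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    seen = set()
    good = sample_response("_req1", "2023-09-15T11:59:00Z", "2023-09-15T12:05:00Z")
    print(validate_response(good, "_req1", EXAMPLE_NOW, seen, lambda raw: True))
    print(rejection_reason(good, "_req1", EXAMPLE_NOW, seen, lambda raw: True))  # replay
```

The order of checks matters: the signature is verified before the XML is interpreted at all, so an attacker who can reach the ACS URL cannot steer the parser with unsigned content, and the assertion ID is recorded as consumed only after every other check has passed. With the signature callable wired to a real XML-DSig library (and the trusted IdP certificate taken from IdP metadata rather than from the message itself), this is the full step 6 check list from the flow above.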

Updated: Sep 15, 2023