SAML is a federation standard commonly used to carry authentication and identity assertions between an identity provider and an application.
SAML, short for Security Assertion Markup Language, is a federation standard used to exchange identity information between systems. In plain language, it lets an identity provider tell an application that a user has already authenticated, and pass along the selected identity details the application needs in order to trust that result.
SAML matters because it is one of the main building blocks behind enterprise Single Sign-On. Instead of every application storing and verifying its own separate credentials, organizations can centralize login through an identity provider.
It also matters because federation changes where security policy is enforced. When SAML is part of the login flow, organizations can apply stronger authentication, revocation, and auditing at the identity-provider layer rather than reinventing them in every application.
SAML appears in workforce SaaS login, higher-education portals, partner access, and many enterprise web applications. A user authenticates with the identity provider, and the application accepts a SAML assertion confirming the identity and related attributes.
Security teams evaluate SAML during SSO rollout, federation troubleshooting, and identity hardening projects. They care about which applications trust which identity provider, what attributes are released, and how strong the upstream authentication is.
| Question | SAML | OIDC |
|---|---|---|
| Common fit | Traditional enterprise federation | Newer web and mobile sign-in |
| Main exchange style | Identity assertions between enterprise systems | Token-based identity layer on OAuth |
| Typical deployment | Workforce SaaS and browser-based apps | Modern app platforms and APIs |
An employee opens an HR application from the company portal. The employee is redirected to the identity provider, completes authentication there, and returns with a SAML assertion. The HR application trusts that assertion and creates the user session without storing a separate password for that employee.
SAML is not the same as SSO as a whole. SSO is the broader user experience or architecture pattern. SAML is one specific federation standard often used to support that pattern.
It is also not the same as authorization itself. SAML can carry identity attributes that influence access decisions, but the application still needs its own authorization logic.
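The HR-portal flow described above, together with the point that authorization stays with the application, shown as an added Python example (it is not code from this article or from any SAML library): the checks a service provider should run on a returned SAML Response before it creates a session, followed by the application's own mapping of released group attributes to permissions. The identity-provider and application hostnames, request IDs, timestamps and group names are constructed for the example, and XML signature verification is delegated to a caller-supplied function that stands in for a real XML-DSig implementation such as xmlsec; everything else uses only the standard library.

```python
"""Service-provider checks on a SAML 2.0 Response (added illustration, not any library's code).
XML-DSig verification is delegated to a caller-supplied function; the rest is stdlib only."""
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SKEW = timedelta(minutes=2)  # tolerated clock drift between IdP and SP

# Service-provider configuration; the hosts are constructed for this example.
SP = {"trusted_issuer": "https://idp.example.com/metadata",  # IdP entityID, taken from its metadata
      "entity_id": "https://hr.example.com/sp",              # our entityID, expected in <Audience>
      "acs_url": "https://hr.example.com/saml/acs"}          # expected in Destination and Recipient

# Constructed sample response; IDs, timestamps and attribute values are made up.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"
  InResponseTo="_req42" Destination="https://hr.example.com/saml/acs">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="_req42" Recipient="https://hr.example.com/saml/acs"
          NotOnOrAfter="2024-01-01T12:05:00Z"/></saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://hr.example.com/sp</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="groups"><saml:AttributeValue>hr-staff</saml:AttributeValue>
      <saml:AttributeValue>all-employees</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def require(ok: bool, reason: str) -> None:
    """Reject with a reason the SP can log; the end user only needs a generic login failure."""
    if not ok:
        raise ValueError(reason)


def parse_time(value: str) -> datetime:
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def validate_response(xml_text: str, expected_request_id: str, now: datetime,
                      verify_signature: Callable[[str], bool], sp: Dict[str, str] = SP) -> Dict:
    """Return the subject and attributes of an acceptable assertion; raise ValueError otherwise."""
    # Signature first: nothing in the document is trusted until the IdP's signature checks out.
    require(verify_signature(xml_text), "XML signature invalid or missing")
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    require(status is not None and status.get("Value") == SUCCESS, "IdP did not report Success")
    # Must be addressed to our ACS and answer a request we actually sent (unsolicited or replayed responses fail).
    require(root.get("Destination") == sp["acs_url"], "Destination is not our ACS URL")
    require(root.get("InResponseTo") == expected_request_id, "InResponseTo does not match an outstanding request")
    assertions = root.findall("saml:Assertion", NS)
    require(len(assertions) == 1, "expected exactly one Assertion")
    a = assertions[0]
    require(a.findtext("saml:Issuer", default="", namespaces=NS) == sp["trusted_issuer"], "issuer is not the configured IdP")
    # Validity window and audience from <Conditions>, with bounded clock-skew tolerance.
    cond = a.find("saml:Conditions", NS)
    require(cond is not None, "assertion has no Conditions")
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    require(not nb or now + SKEW >= parse_time(nb), "assertion not yet valid")
    require(not noa or now - SKEW < parse_time(noa), "assertion expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    require(sp["entity_id"] in audiences, "assertion was issued for a different audience")
    # Bearer confirmation data must also name our ACS and our request, and still be within its own window.
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    require(scd is not None and scd.get("Recipient") == sp["acs_url"]
            and scd.get("InResponseTo") == expected_request_id, "SubjectConfirmationData does not match")
    require(scd.get("NotOnOrAfter") is not None and now - SKEW < parse_time(scd.get("NotOnOrAfter")),
            "subject confirmation expired")
    attrs = {at.get("Name"): [v.text for v in at.findall("saml:AttributeValue", NS)]
             for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS), "attributes": attrs}


def authorize(attributes: Dict[str, List[str]]) -> List[str]:
    """SAML delivered the groups; which permissions they carry is the HR application's own decision."""
    policy = {"hr-staff": ["view_records", "edit_records"], "all-employees": ["view_own_profile"]}
    granted: List[str] = []
    for group in attributes.get("groups", []):
        granted += [p for p in policy.get(group, []) if p not in granted]
    return granted


def demo() -> Dict[str, object]:
    """Accept the sample inside its validity window, then record why stale or altered variants are refused."""
    signed_ok = lambda _xml: True  # stand-in for a real XML-DSig verifier such as xmlsec
    t = parse_time("2024-01-01T12:01:00Z")
    accepted = validate_response(SAMPLE_RESPONSE, "_req42", t, signed_ok)
    rejected: Dict[str, str] = {}
    for label, req, when, sig in [("stale", "_req42", t + timedelta(minutes=9), signed_ok),
                                  ("wrong_request", "_req99", t, signed_ok), ("unsigned", "_req42", t, lambda _xml: False)]:
        try:
            validate_response(SAMPLE_RESPONSE, req, when, sig)
        except ValueError as err:
            rejected[label] = str(err)
    return {"user": accepted["name_id"], "permissions": authorize(accepted["attributes"]), "rejected": rejected}
```

The order of the checks is deliberate: the signature is verified before any element is read, the response is bound to the request the application itself issued (InResponseTo and Recipient), and only then are issuer, audience and time window examined. `authorize()` is where the application's own policy lives; the assertion supplies group names, and nothing in SAML says what those groups are allowed to do. Calling `demo()` returns the accepted user and permissions plus the rejection reason for a stale, an unmatched and an unsigned response.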