SAML

What is SAML?

When you have one user that needs access to multiple apps, you can implement single sign-on (SSO) via a SAML protocol.

This allows a user to sign on to one platform to get access to multiple services instead of having to sign on to each platform separately.

This is possible because a trusted broker, such as an identity provider, uses SAML to verify users once they’ve logged in. Once verified, this user can access any other services located on the same “property”.

With SAML, you can also whitelist users for specific applications within the organization. So even if a user is verified, it doesn’t necessarily mean they have access to everything because they first need to be whitelisted.

One disadvantage of using SAML is that it relies on login events to exchange information.

What is the difference between SAML vs. SCIM?

In short - SAML is focused on authentication and SCIM is focused on user provisioning.

SCIM is a standard for automating user provisioning and manages user identities across multiple systems and domains, ensuring that user data is consistent across different platforms. SCIM enables service providers to automatically retrieve and manage user identity data from an identity provider, which reduces the manual effort needed to manage user identities across different systems. SCIM uses RESTful APIs (Application Programming Interfaces) to transfer user data between systems.

About Opal:

Opal is the unified identity platform for modern enterprises. Opal aggregates identity and access data to provide visibility and defense-in-depth infrastructure for mission-critical systems. With the product, enterprises can discover anomalous identity risks and remediate them in minutes. The world's best companies trust Opal to govern and adapt sensitive access.

Want to see it yourself? Contact sales@opal.dev or book a meeting here for a personalized demo.