What is SAML in Security+?
D1 · General · CompTIA Security+ SY0-701
SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between an Identity Provider (IdP) and a Service Provider (SP).
Used for federated identity and SSO (Single Sign-On): log in once with your corporate credentials and access multiple cloud applications without re-authenticating.
Flow: User → SP → IdP (authenticates) → SAML assertion → SP grants access.
SAML is the enterprise SSO standard. Common in cloud app federations (Salesforce, AWS, Office 365). Know that SAML uses XML assertions, while OAuth/OIDC use JSON tokens. SAML is authentication + authorization.