SAML - what it is, how single sign-on works, and setup essentials

SAML (Security Assertion Markup Language)

What it is

SAML is a standard that lets you use one login to access multiple websites and apps. You sign in once at an identity provider (like your company or school account), and that provider sends a signed “assertion” to other services proving who you are. The services trust that proof, so you don’t create a new password for each one. Background and examples: https://gridinsoft.com/saml

Why it matters

Fewer passwords to manage means fewer weak or reused passwords. Centralized login also makes it easier to turn access on or off when someone joins or leaves a team.

How it works - quick tour

  • You try to open an app. It redirects you to the identity provider (IdP).

  • You sign in at the IdP.

  • The IdP sends a signed SAML response back to the app (the service provider).

  • The app checks the signature and logs you in without asking for another password.

Red flags

  • Clock drift on devices causing “invalid or expired SAML” errors.

  • Mismatched URLs or certificate problems after a settings change.

  • Unexpected logins if a stolen session isn’t revoked at the IdP.

  • Users still asked for separate passwords because SSO isn’t enforced.

Do it right

  • Keep IdP and app clocks in sync and rotate SAML certificates before they expire.

  • Lock down which apps can accept SAML from your IdP and review who has access.

  • Use MFA at the IdP so one strong login protects all connected apps.

  • After an account is removed at the IdP, verify access is cut off across apps.

    Glossary (A–Z)

    All A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

      • Related Articles

      • Web Protection

        What it is Web protection is a bundle of tools and settings that keep you safer while you browse. It blocks dangerous sites and downloads, warns about fake logins, filters sketchy links, and helps keep your info private. It can run on your device ...

      • Web Cache Poisoning

        What it is Web cache poisoning is when attackers sneak bad content into a website’s cache. The cache is a “shortcut” server use to make pages load faster for everyone. If it’s poisoned, later visitors get the attacker’s fake version instead of the ...

      • SECaaS

        What it is Security-as-a-Service (SECaaS) means you rent security tools from the cloud instead of installing and running everything yourself. A provider hosts the tech (firewalls, antivirus, web filters, identity/login tools, intrusion detection, ...

      • Security Software

        What it is Security software is a set of apps and services that protect your devices and data from hackers, malware, and mistakes. It covers tools like antivirus/anti-malware, firewalls, VPNs, email and web filters, intrusion detection/prevention, ...

      • WHOIS

        What it is WHOIS (pronounced “who is”) is a public lookup for domain names. Type a domain, and WHOIS tells you who owns it (or their registrar/proxy), when it was registered, when it expires, and where it’s hosted. It’s like a phone book for ...