SAML (Security Assertion Markup Language) is a standard for managing access to multiple web applications using one set of login credentials.
SAML enables users to use only one set of login credentials to access many applications. The authentication process is handled by an identity provider such as Active Directory.
Users log in to the identity provider that then enables access to all the applications whose requests it controls.
Each application must have SAML configured to use the identity provider for authentication.
Definitions
Term | Definition
--- | ---
SSO | SSO (Single Sign On) is a technology that enables users to authenticate to a system once and be authorized to use multiple applications and services.
SAML | SAML (Security Assertion Markup Language) is a technology enabling users to assert that they are who they say they are.
Authentication | The process of verifying the identity of a user (or process): ensuring that the user (or process) is who they claim to be.
Authorization | Assigning roles to users to enable them to access different levels of information and perform specific functions based on those roles.
Identity provider (IdP) | A cloud software service that stores and confirms user identities, usually via a login process.
Service provider (SP) | A cloud-hosted application or service that a user wants to access.
Assertion | A message, from the IdP, via SAML, containing authentication, attribute, and authorization values to inform an SP that a user is signed in and authenticated.
Role | BRYTER supports three roles: Admin, Author, and User.
Mapping | BRYTER roles are mapped to assertions to enable users to access the appropriate parts of the application or service.
Tenant | A customer-specific BRYTER environment, separated from other customers’ tenants. A tenant is accessed via, for example, https://acmecorp.bryter.io or https://bigcorp.bryter.io, where acmecorp or bigcorp are the tenant names.
Claim | Information that an IdP states about a user, typically contained in the SAML Attribute Statement.
How does the SAML authentication process work?
The authentication process is quite simple.
- The user opens their browser and navigates to the service provider's web application (BRYTER).
- BRYTER responds with a SAML request.
- The browser passes the SAML request to the identity provider.
- The identity provider parses the SAML request, authenticates the user, and returns a SAML assertion that allows them access to BRYTER.
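As an added illustration (not BRYTER's code or any SAML library's), the Python sketch below shows what the service provider does with the assertion in the last step: it checks that the assertion is addressed to this tenant and is within its validity window, reads the claims from the AttributeStatement, and maps a hypothetical `groups` claim onto the three BRYTER roles. The sample assertion, the `groups` claim name and the group values are constructed, and the XML signature is assumed to have been verified already by the SP's SAML library.

```python
"""Read a SAML assertion's claims and map them to a BRYTER role (constructed example)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical mapping from an IdP group claim to the three BRYTER roles.
ROLE_MAP = {"bryter-admins": "Admin", "bryter-authors": "Author", "bryter-users": "User"}
ROLE_RANK = {"Admin": 3, "Author": 2, "User": 1}

# Constructed sample assertion; a real one also carries an XML signature.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_sample" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>jane@acmecorp.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://acmecorp.bryter.io</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>bryter-users</saml:AttributeValue>
      <saml:AttributeValue>bryter-authors</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
SAMPLE_NOW = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)  # inside the window above

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_assertion(xml_text, expected_audience, now):
    """Return (name_id, claims); reject assertions for another tenant or outside their window.
    Assumes the signature was verified first; never trust an unsigned assertion."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion not addressed to this tenant")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    claims = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        claims[attr.get("Name")] = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
    return name_id, claims

def map_role(claims):
    """Grant the highest BRYTER role any mapped group confers; None if nothing matches."""
    roles = [ROLE_MAP[g] for g in claims.get("groups", []) if g in ROLE_MAP]
    return max(roles, key=ROLE_RANK.__getitem__) if roles else None
```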
How is SAML configured?
Implementation of SAML SSO is completed in a 7-step process.
It didn’t work?
As mentioned earlier, because each identity provider has a slightly different configuration, you may need to pay particular attention to the factors in your organization’s configuration that may affect the success of your implementation.
Environmental factors may come into play when configuring SAML too. Is there anything in your unique environment that may need consideration before and during SAML integration for BRYTER?
We have a Troubleshooting page that outlines the most common issues our customers encounter. If you can’t find answers there, contact your Customer Success Manager who will be happy to help you succeed.