SAML

Definition

Security Assertion Markup Language - a standard protocol for securely exchanging authentication and authorization data between identity providers and

Use Cases

Provider Equivalents

Frequently Asked Questions

What's the difference between SAML and OAuth 2.0?

SAML is mainly used for single sign-on (SSO) and for exchanging authentication information (who the user is) between an identity provider and an application, typically in enterprise web SSO. OAuth 2.0 is mainly used for authorization (what an app is allowed to do) by granting access tokens that are used to call APIs. In practice, SAML is common for workforce SSO to SaaS apps, while OAuth 2.0 (often together with OpenID Connect) is common for modern app sign-in and API access.

When should I use SAML for SSO?

Use SAML when you need enterprise-grade SSO between a central identity provider (such as Entra ID, AD FS, Okta, or Ping) and a web-based service provider that supports SAML, especially for workforce access to SaaS apps and partner applications. It is a strong fit when you want centralized MFA and access policies enforced at the IdP, role- or group-based access mapping, and integration with established enterprise software that already supports SAML 2.0.

How much does SAML cost?

SAML itself is a free, open standard; there is no licensing fee to use the protocol. Costs come from the products and services you use to implement it (your identity provider, any SSO platform, and possibly premium features such as conditional access, advanced MFA, or identity governance). Some SaaS apps include SAML SSO only in higher-tier plans, and some IdPs charge per user or per feature.

Category: security

Difficulty: advanced

Related Terms

See Also