Question 1

What's the difference between SAML and OAuth 2.0 / OpenID Connect (OIDC)?

Accepted Answer

SAML is mainly used for browser-based single sign-on in enterprises and exchanges XML-based assertions between an Identity Provider (IdP) and a Service Provider (SP). OAuth 2.0 is primarily an authorization framework for granting an app access to an API, and OpenID Connect (OIDC) adds authentication on top of OAuth using JSON-based tokens (JWTs). In practice, SAML is common for workforce SSO to SaaS apps, while OIDC is common for modern web/mobile apps and API-driven architectures.

Question 2

When should I use SAML?

Accepted Answer

Use SAML when you need enterprise SSO for workforce users (employees/contractors) into SaaS or internal web applications that support SAML, especially if your organization already has an IdP and wants centralized MFA, access policies, and easy offboarding. If you are building a new consumer-facing app or need API-first authentication, consider OIDC instead.

Question 3

How much does SAML cost?

Accepted Answer

SAML itself is a free standard, but costs come from the products and operations around it: your IdP licensing (for example, Entra ID, Okta, Ping, etc.), any premium features (MFA, conditional access, device posture), and administrative effort to configure and maintain integrations (certificates, metadata, attribute mappings). Some SaaS apps include SAML only in higher-tier plans, which can be a major cost factor.

SAML

Definition

Real-World Example

Related Terms

Cloud Provider Equivalencies

Explore More Cloud Computing Terms