Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication data between a service provider (such as Replicon) and an identity provider.
SAML allows users to employ web browser single sign-on (SSO) when logging in to applications. Using SSO has several advantages, including the following:
For information on setting up SSO based on an OpenID Connect provider, refer to Setting up single sign-on.
For information on assigning SAML authentication settings to users, refer to Setting up users for single sign-on.
To use SAML, an organization enrolls with an identity provider and then enables SAML within the service they wish to use. Once SAML is enabled, the following exchanges occur when the user tries to access the service:
If you use SAML, all user authentication is carried out through your identity provider. When the user accesses the identity provider’s website, they’re either prompted to enter their NT/AD credentials, or their browser forwards the credentials they used to access their network. The identity provider then authenticates the user’s login credentials.
The identity provider then forwards the user name to the service provider (e.g. Replicon), along with the assertion token that proves their credentials are valid. Only the user name is forwarded; Replicon never has access to the user’s login credentials.
To use SAML authentication with Replicon, you must first be enrolled with an identity provider who will supply you with the following:
Replicon supports SAML 1.1 and 2.0. Which version you use depends on your identity provider. If you plan to use SAML 1.1, Replicon hosts an identity provider you can use.
For details on enabling SAML in Replicon, contact Replicon Support, or refer to the following topics:
Replicon supports both SHA-1 and SHA-256. If you're currently using SHA-1 and want to migrate to SHA-256, contact Replicon Support.
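Before requesting a SHA-1 to SHA-256 migration, it helps to confirm what your identity provider currently sends. The following is an added example, not Replicon's code: it decodes a base64 SAML 2.0 response and reports the user name (NameID) it carries and the hash used in its XML signature. It assumes the SHA-1/SHA-256 support described above refers to the signature and digest algorithms on the assertion; the sample response, `jdoe@example.com` and all function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": DS}

def hash_family(uri):
    """Classify an XML Signature algorithm URI by the hash it uses."""
    tail = uri.rsplit("#", 1)[-1].lower()
    if tail.endswith("sha1"):
        return "SHA-1"
    return "SHA-256" if tail.endswith("sha256") else "other"

def inspect_response(b64_response):
    """Report NameID and signature hashes. Inspection only: verifies nothing."""
    root = ET.fromstring(base64.b64decode(b64_response))
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    sig = root.find(".//ds:SignedInfo/ds:SignatureMethod", NS)
    digests = root.findall(".//ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    report = {
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else None,
        "signed": sig is not None,
        "signature_hash": hash_family(sig.get("Algorithm", "")) if sig is not None else None,
        "digest_hashes": sorted({hash_family(d.get("Algorithm", "")) for d in digests}),
    }
    report["uses_sha1"] = "SHA-1" in {report["signature_hash"], *report["digest_hashes"]}
    return report

def sample_response(sig_uri, digest_uri):
    """Constructed, trimmed SAML 2.0 response (no SignatureValue), base64 as in HTTP POST."""
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="{DS}">
 <saml:Assertion ID="_constructed1">
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="{sig_uri}"/>
   <ds:Reference URI="#_constructed1"><ds:DigestMethod Algorithm="{digest_uri}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
 </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    legacy = sample_response(DS + "rsa-sha1", DS + "sha1")
    modern = sample_response("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                             "http://www.w3.org/2001/04/xmlenc#sha256")
    for label, resp in (("legacy", legacy), ("modern", modern)):
        print(label, inspect_response(resp))
```

A response can mix algorithms (for example an RSA-SHA256 signature over a SHA-1 digest), which is why the report checks both the signature method and every reference digest.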