SSO allows users authorise on the different companies websites, services, CMS, etc by using single authorisation data. At the image below we can see that SSO combine the sessions for different domains in a one global session to allow the authentication via external service (log in with Google, Facebook, GitHub, etc.)
SAML SSO simplifies for employees to access the tools and allows administrators to implement modern, identity-based security, making it much easier to secure large groups of users. SAML SSO allows sign-in to the websites through the company's existing credential provider. Let's take a look at how this works.
SAML (Security Assertion Markup Language) is an enterprise protocol using XML. For example, we have the IDP(identity provider on your SSO server) and Lingohub domain.
The user try to log in into Lingohub application.
If there are no session cookies (users are not identified in our service), the user is redirected to the IDP with the SAML request, which will show to the IDP the place of the request (domain).
IDP parses the SAML request and checks the user and his data.
If there are no cookies for IDP - the user should log in to the system using his credentials. (If the cookies extend user skip this step.)
Then the IDP redirects the user to Lingohub.com with the SAML response (the encrypted user information.)
If the SAML response is correct, the user successfully authorized on Lingohub.
Congratulations! You finished the article about SAML SSO. If there's anything we can help you with, please contact our support.