What Is SAML?

SAML is a type of single sign-on solution. It allows users to sign up and log in to your application without creating a new username and password just for your application. Instead, users log in with their SAML credentials. This way, the user can manage and authenticate themselves across multiple applications with one set of credentials.


Technically Speaking

SAML stands for Security Assertion Markup Language. It is an XML-based markup language used for exchanging credentials between an identity provider and a service provider.

Unfortunately, SSO requires a complex set of transactions between several entities in order to authenticate the user, which can make SSO implementation quite challenging.

With the Frontegg SSO solution, it is easy to provide a variety of SSO integration options for your customers, one of which is SAML. Frontegg provides the components and the complex wiring behind the scenes so you can sit back and enjoy a plug-and-play experience with little to no code required on your end.

How Does It Work?

Your customer accesses a Frontegg component where they claim the domain by adding a TXT record (we validate it for you, so no worries there). They then choose the IDP, follow the instructions on the screen and configure it.

On the backend, before the login, you can call the Frontegg SDK to check whether this customer's email is configured for SSO access. If so, we return a redirect response with the signed SAML request.

When the IDP returns to your API with the SAML response, all you have to do is call the Frontegg SDK to validate the SAML response, extract the logged-in user and return it.

From that moment, you can continue with your usual login activities (such as generating the JWT, auditing the login, etc.).
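The sketch below is an added example, not Frontegg's code or SDK. It illustrates the first two steps of the flow: a domain counts as claimed only when its TXT record carries the expected token, and the pre-login check sends an email to SSO only on an exact match with a verified domain. The record prefix `sso-domain-claim=`, the domains, tokens and IdP URLs are constructed, and the dictionaries stand in for DNS lookups and the SSO configuration store.

```python
# Constructed sample data: stands in for DNS TXT lookups and the SSO config store.
TXT_RECORDS = {
    "acme.example": ["v=spf1 -all", "sso-domain-claim=7f3c9a"],
    "globex.example": ["v=spf1 -all"],  # claim started, TXT record never added
}
CLAIMS = {  # domain -> (expected token, IdP sign-in URL), all hypothetical
    "acme.example": ("7f3c9a", "https://idp.acme.example/sso"),
    "globex.example": ("51d0be", "https://idp.globex.example/sso"),
}
TXT_PREFIX = "sso-domain-claim="  # assumed record format


def email_domain(email):
    """Return the normalized domain of an address, or None if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or not domain or "@" in local:
        return None
    return domain


def domain_is_verified(domain, lookup_txt=TXT_RECORDS.get):
    """True only if a TXT record on the domain carries the expected token."""
    claim = CLAIMS.get(domain)
    if claim is None:
        return False
    expected = TXT_PREFIX + claim[0]
    return any(r.strip() == expected for r in (lookup_txt(domain) or []))


def route_login(email):
    """Decide between an SSO redirect and the regular password login."""
    domain = email_domain(email)
    # Exact match on the whole domain: no suffix or substring matching,
    # so look-alike domains never inherit another tenant's SSO settings.
    if domain and domain_is_verified(domain):
        return ("sso", CLAIMS[domain][1])
    return ("password", None)


if __name__ == "__main__":
    for addr in ("Alice@ACME.example", "bob@globex.example",
                 "eve@acme.example.attacker.test"):
        print(addr, "->", route_login(addr))
```
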

The flow is described in the diagram below:
