SAML 2.0 – increasing app security and facilitating users management

SAML 2.0 (Security Assertion Markup Language 2.0) is an open standard for exchanging authentication information between a service provider (e.g. a website or a mobile app) and an identity provider (a trusted party that verifies that the user is an authorised user and returns that result to the website or app the person was trying to log in to, so that a single sign-on can be reused across services). The consumer example we are all familiar with is the “Continue with Facebook” button seen on many websites; strictly speaking, social login of that kind runs on OAuth 2.0 / OpenID Connect rather than SAML, but the idea is the same. In other words, SAML is a standard for logging users into applications.

In the enterprise context, from the end user's point of view, it is very powerful because it simplifies access: employees use multiple apps and platforms every day, and SAML 2.0 lets them identify themselves with the same credentials they already use for, say, the intranet.

From the IT department's side, it is considered significantly advantageous: it raises the security baseline, because authentication and password policy are enforced in one place, and it lets IT teams that have deployed an identity provider connect new applications for their users without application-specific development (no client- or server-side code to write to make it work).

How does it work?

Thanks to SAML, employees can log in to numerous cloud apps with a single username and password. The standard centralises authentication at the identity provider and normalises the exchange, so that any cloud app (service provider) that speaks the protocol can authenticate users easily. The service provider never sees the password: it receives a signed assertion from the identity provider stating who the user is, verifies the signature, and checks that the assertion was issued for it and is still valid.
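The exchange described above, as an added example that is not part of the original article and not Aquafadas' code: a simplified SP-initiated SAML 2.0 web SSO round trip in Python. The entity IDs, URLs, user and signing key are made up, and an HMAC over the serialised Assertion stands in for the XML-DSig signature a real identity provider produces; what the example is meant to show is the set of checks the service provider must perform on the assertion (signature, Issuer, InResponseTo, Recipient, Audience, validity window) before it trusts the identity inside it, plus the identity provider's own refusal to post assertions to an unregistered ACS URL.

```python
"""Simplified SAML 2.0 SP-initiated web SSO round trip (added example, not the article's or
Aquafadas' code). HMAC stands in for XML-DSig; entity IDs, URLs, user and key are made up."""
import base64
import hashlib
import hmac
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)
IDP_ENTITY_ID = "https://idp.example.com/metadata"  # assumed identifiers, not real endpoints
SP_ENTITY_ID = "https://app.example.com/sp"
SP_ACS_URL = "https://app.example.com/saml/acs"
IDP_KEY = b"demo-signing-key"  # stand-in for the IdP's signing certificate
SKEW = timedelta(seconds=30)   # tolerated clock drift between IdP and SP

def _now(): return datetime.now(timezone.utc)
def _ts(dt): return dt.strftime("%Y-%m-%dT%H:%M:%SZ")
def _from_ts(s): return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
def _q(tag): return "{%s}%s" % (NS[tag.split(":")[0]], tag.split(":")[1])

def _el(parent, tag, text=None, **attrib):  # namespaced child element, tag given as "prefix:name"
    e = ET.SubElement(parent, _q(tag), attrib)
    e.text = text
    return e

class ServiceProvider:
    def __init__(self):
        self.pending = set()  # outstanding request IDs, for the InResponseTo check

    def build_authn_request(self):
        req = ET.Element(_q("samlp:AuthnRequest"), {"ID": "_" + uuid.uuid4().hex, "Version": "2.0",
                         "IssueInstant": _ts(_now()), "AssertionConsumerServiceURL": SP_ACS_URL})
        _el(req, "saml:Issuer", SP_ENTITY_ID)
        self.pending.add(req.get("ID"))
        return ET.tostring(req)

    def consume_response(self, response_xml, now=None):
        """Return the asserted NameID or raise ValueError; skipping any numbered check is a known bypass."""
        now = now or _now()
        resp = ET.fromstring(response_xml)  # production code: use a hardened parser such as defusedxml
        assertion = resp.find("saml:Assertion", NS)
        sig = assertion.find("Signature") if assertion is not None else None
        if sig is None:
            raise ValueError("no signed assertion")
        # 1. Verify the signature over the Assertion itself before trusting anything inside it.
        assertion.remove(sig)
        expected = hmac.new(IDP_KEY, ET.tostring(assertion), hashlib.sha256).digest()
        if not hmac.compare_digest(base64.b64decode(sig.text), expected):
            raise ValueError("assertion signature invalid")
        # 2. Issuer must be the configured IdP, not merely any key we happen to know.
        if assertion.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
            raise ValueError("unexpected issuer")
        # 3. InResponseTo ties the assertion to a request this SP made; consuming the ID makes each
        #    assertion single-use (no replay). Recipient rejects assertions captured at another ACS URL.
        scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
        if scd is None or scd.get("InResponseTo") not in self.pending:
            raise ValueError("unsolicited or replayed assertion")
        self.pending.discard(scd.get("InResponseTo"))
        if scd.get("Recipient") != SP_ACS_URL:
            raise ValueError("assertion not addressed to this ACS URL")
        cond = assertion.find("saml:Conditions", NS)  # 4. audience restriction and validity window
        if cond is None or cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
            raise ValueError("assertion issued for another service provider")
        if not (_from_ts(cond.get("NotBefore")) - SKEW <= now < _from_ts(cond.get("NotOnOrAfter")) + SKEW):
            raise ValueError("assertion outside its validity window")
        return assertion.findtext("saml:Subject/saml:NameID", namespaces=NS)

class IdentityProvider:
    def respond(self, authn_request_xml, user):
        # `user` models a session the IdP has already authenticated (corporate password, MFA, ...).
        req = ET.fromstring(authn_request_xml)
        acs = req.get("AssertionConsumerServiceURL")
        if req.findtext("saml:Issuer", namespaces=NS) != SP_ENTITY_ID or acs != SP_ACS_URL:
            raise ValueError("unknown service provider")  # never post to an unregistered ACS URL
        now, expiry = _now(), _ts(_now() + timedelta(minutes=5))
        resp = ET.Element(_q("samlp:Response"), {"ID": "_" + uuid.uuid4().hex, "Version": "2.0",
                          "IssueInstant": _ts(now), "Destination": acs, "InResponseTo": req.get("ID")})
        a = _el(resp, "saml:Assertion", ID="_" + uuid.uuid4().hex, Version="2.0", IssueInstant=_ts(now))
        _el(a, "saml:Issuer", IDP_ENTITY_ID)
        subject = _el(a, "saml:Subject")
        _el(subject, "saml:NameID", user)
        conf = _el(subject, "saml:SubjectConfirmation", Method="urn:oasis:names:tc:SAML:2.0:cm:bearer")
        _el(conf, "saml:SubjectConfirmationData", InResponseTo=req.get("ID"), Recipient=acs, NotOnOrAfter=expiry)
        cond = _el(a, "saml:Conditions", NotBefore=_ts(now), NotOnOrAfter=expiry)
        _el(_el(cond, "saml:AudienceRestriction"), "saml:Audience", SP_ENTITY_ID)
        # Sign last, over the finished Assertion; a real IdP emits an XML-DSig <ds:Signature> here.
        mac = hmac.new(IDP_KEY, ET.tostring(a), hashlib.sha256).digest()
        ET.SubElement(a, "Signature").text = base64.b64encode(mac).decode()
        return ET.tostring(resp)

def rejection_reason(sp, response_xml, minutes_later=0):
    # Why the SP rejects a response (None if accepted); minutes_later simulates a stale assertion.
    try:
        sp.consume_response(response_xml, now=_now() + timedelta(minutes=minutes_later))
    except ValueError as err:
        return str(err)
    return None
```

A full login is `sp.consume_response(idp.respond(sp.build_authn_request(), "alice@example.com"))`; feeding the same response twice, editing one byte of the NameID, or presenting it ten minutes late is rejected by the replay, signature and validity checks respectively. In a real deployment the signature is an RSA/ECDSA XML-DSig over a canonicalised element, which is why production code should rely on a maintained library (python3-saml or pysaml2 on the Python side) rather than hand-rolled XML handling: the classic SAML bypasses exploit gaps between the element that was signed and the element the identity is read from, so the signature must be verified over exactly the Assertion the NameID is taken from.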

Centrally managed access controls – today’s IT headache

SAML is a response to the challenges IT teams face today in access management. To mention only a few of them:

  • Security requirements for strong authentication policies
  • Forgotten passwords and the helpdesk tickets that pile up as a result
  • Lack of access to tools, resulting in low productivity
  • The need to disable users' access when they leave the company
  • Lack of central control over user access, leaving accounts exposed to compromise by phishing, brute force, breaches of cloud databases and so on

Adecco example

Adecco is a staffing company with a large number of sales reps based in offices across France. They needed to solve a document management and access problem for their sales teams.

“Our teams used to spend hours updating and sharing documents via emails and intranet with our representatives across the country. At the same time our business priority was to expand our sales ability and make their work more efficient.”

In 2016, working together with Aquafadas, they created a sales enablement app, Adecco Essentiel, acting as a secure and always-on repository of valuable sales demos, documents, presentations and more. It was built as a private app, accessible only with mandatory authentication details, and available both online and offline.

They then decided to further strengthen the app's security and to bring consistency to user access and the authentication process. Together with Aquafadas they implemented the SAML 2.0 standard, which allowed them to manage Adecco Essentiel's users independently, with increased security, while meeting compliance rules.