My previous post explained SAML, and how it worked. It walked you through a fairly simple process, but didn’t directly discuss the benefits. A number of these benefits are obvious, but some not so much.
Here are what I feel are the top 3 benefits of SAML.
1. Security
Because SAML is an open standard, you are free to read through the 400-plus pages of the SAML 2.0 documentation, almost all of which relates to security. Or you can just digest this simple fact:
In a SAML workflow, the user’s password does not get passed to the SaaS application. So no matter what happens at the SaaS company, including:
- A security breach where passwords could be stolen (encrypted or not)
- A rogue employee stealing passwords
- Or just some careless mistake which would leave your password vulnerable

your password will not be stolen, as it is not there in the first place. Every year we hear about security breaches where passwords are directly targeted and stolen, the most recent high-profile one being at LinkedIn.
2. End User Experience
SAML enables seamless SSO from essentially any browser. Because it works on top of the standard HTTP protocol, no browser plugins are needed, no ‘trusted sites’ need to be set up, and no complicated IT rollouts are required: it just seamlessly asserts the identity of the user to the SaaS application. This includes access from mobile devices such as an iPhone, Android or Blackberry device, and tablets such as the iPad and any number of Android tablets.
3. IT Administration
SAML helps IT regain control of the very things it started losing control of when SaaS first came on the scene. It promotes an environment where IT can:
- Easily maintain password security in one location
- De-provision users in a quick and scalable way
- Provision users in a quick and scalable way
No technology will be the proverbial silver bullet, but SAML is an essential building block that can give us, as users and organizations, both security and usability while at the same time giving IT appropriate control.
Please post any questions or comments you have about SAML in the comments below.