About SAML
Security Assertion Markup Language (SAML) is a protocol used to enable single sign-on (SSO) across different web applications. It allows users to authenticate once and then access multiple services without needing to log in again.
Userfront acts as the Identity Provider (IdP) for your users, allowing them to log in to any Service Provider (SP) that accepts login via SAML.
This lets you offer user interfaces where your end users select a service and log in without entering additional credentials.
SAML Requirements
Identity Provider (IdP)
For SAML login and logout, Userfront acts as the Identity Provider (IdP) and is responsible for authenticating each user and issuing SAML assertion tokens that confirm the user's identity.
This means that your end users can log in to your application (via Userfront) once and then access your connected Service Providers (SPs) without needing to log in to each provider.
For SPs that support single logout, Userfront also logs out your users from each service when they log out from your application.
Service Providers (SPs)
Service Providers (SPs) are the applications or services that your end users want to access.
Userfront provides you with an interface to configure your SP credentials and to copy your IdP credentials.
SAML Handling
Userfront automatically configures your IdP settings to provide the following information, which you can use when setting up your Service Providers (SPs):
IdP Setting
Description
Also known as: IdP metadata URL, Identity provider issuer URL
Also known as: SSO URL, Sign-in URL, Single Sign-On URL
Also known as: Single Logout URL
Userfront also provides clear instructions and information about how to set up a Service Provider, as well as an in-dashboard test to confirm that your configuration is correct.