What does SAML stand for?
Security Assertion Markup Language
What does SAML do?
SAML is a web specification for securely exchanging authentication information between an identity provider and a service provider. It allows a user to log on once for multiple websites and/or applications.
How does SAML authentication work?
The process works as follows:
- User goes to website/application
- Website/app checks if the user is authenticated
- If not authenticated, the user is redirected to the identity provider
- Identity provider confirms authorization
- Identity provider sends the encrypted token back to website/app
- Website/app verifies the validity of token and grants access
- User enters website/app
What do I do if my SAML login doesn't log me into Embrace®?
- Confirm that you are logged into your SAML account and going to the appropriate app for Embrace®.
- If you are still experiencing difficulties, you may reach out to your district IT department for further assistance.
What is the difference between LDAP and SAML?
While both LDAP and SAML provide user authentication, SAML offers a higher level of security and the extra convenience of one universal login.
LDAP - In order for systems to authenticate with LDAP, user logins must be authenticated against the district server. This means that users must sign in to a website using their LDAP credentials, and the website must pass the credentials to the district's LDAP server, forcing both parties to handle the user's credentials. This requires districts to open up their firewall, exposing the server to possible threats.
SAML - When using SAML, a user will only log in to their identity provider, meaning that the website/application will not have to handle the user's credentials. SAML creates an encrypted token to authorize the website/application, preserving the district's firewall and making the single sign-on more secure.