Single Sign-on with SAML 2.0

Show allHide all

SAML single sign-on is a web-based SSO using the SAML 2.0 technology. When a user tries to sign in to the Softadmin®-system their web browser is redirected to a web page on their organization's Identity Provider.

The login flow

The Identity Provider first checks if the user has already signed on to the Identity Provider, for example because they have already used another of their organization's systems. If the user is not recognized then they must first authenticate with the Identity Provider, by logging in with username and password or any other authentication method chosen by the organization. Once the Identity Provider knows who the user is it checks if the user is authorized to use the Softadmin® system. If the user is both authenticated and authorized then the Identity Provider creates a SAML Assertion describing the user, for example their username, their email address and their surname. The Identity Provider then cryptographically signs this Assertion