SAML entities

The SAML protocol uses a set of entities to exchange authentication and authorization data.

Identity Provider

The Identity Provider (IdP), or authentication provider, is the sign-on system that authenticates the user via a username and password or another verification method. The portal allows integration with any identity provider that supports SAML.

Service Provider

The Service Provider (SP) is the application the user needs to access; in this case, the portal. Portal customers get their own dedicated endpoint to access a dedicated tenant. Each tenant can be set up as the customer's dedicated Service Provider.

Assertion

The SAML assertion is an XML document that contains the metadata that is required to sign on or create a user on the SP side. The assertion is either part of the IdP's response to an authentication request or it is the IdP's unsolicited request to sign on a user to the SP.

Authentication request

The authentication request is sent from the SP to the IdP on behalf of users after they initiate the sign-on.

User passwords are never transmitted as part of the authentication request or response. A signed authentication request indicates that a new user should be created. This request contains only the username and any additional metadata (name, email address, etc.) that was configured by the IdP administrator. For more information, see User information.
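As an added illustration of the Assertion and Authentication request descriptions above (example code, not part of the portal or its documentation), the following Python reads the username and attributes out of a SAML 2.0 assertion and flags any attribute whose name suggests a password. The sample assertion, the attribute names and the `CREDENTIAL_HINTS` list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from a real IdP); the signature is omitted.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Subject>
    <saml:NameID>jdoe</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="name">
      <saml:AttributeValue>Jane Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Hypothetical list of name fragments that suggest an attribute carries a credential.
CREDENTIAL_HINTS = ("password", "passwd", "pwd", "secret")


def read_assertion(xml_text):
    """Return (username, attributes) from a SAML 2.0 assertion string.

    Field extraction only: an SP must verify the assertion's signature
    before trusting any of these values.
    """
    # An assertion has no reason to carry a DTD; refuse it before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD content is not allowed in a SAML assertion")
    root = ET.fromstring(xml_text)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise ValueError("assertion has no Subject/NameID")
    attrs = {}
    for attr in root.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name", "")] = values
    return name_id.text.strip(), attrs


def credential_like_attributes(attrs):
    """Return the attribute names that look like they carry a password."""
    return sorted(n for n in attrs if any(h in n.lower() for h in CREDENTIAL_HINTS))
```

Running `credential_like_attributes` over the attributes an IdP administrator has configured is a quick way to confirm that the attribute mapping sends only the username and profile metadata.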