SAML App

Logto can act as an Identity Provider (IdP) for applications that use the SAML protocol as a Service Provider (SP). Through SAML app integration, you can provide enterprise users with a secure, standardized Single Sign-On (SSO) experience.

Introduction

SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between parties. In a SAML integration:

  • Logto as IdP: Acts as the central authentication authority, managing user identities and issuing SAML assertions
  • Your Application as SP: Relies on Logto to authenticate users and consumes SAML assertions for access control

How SAML authentication works

SAML authentication in Logto primarily follows the SP-initiated flow, where the authentication process starts from your application (Service Provider). Here's a brief overview:

  1. User attempts to access your application
  2. Your application generates a SAML request and redirects the user to Logto
  3. User authenticates with Logto
  4. Logto generates a SAML response containing user information
  5. Your application validates the response and grants access

For a more detailed explanation of SAML authentication flows and comparison with other protocols, check out our authentication flow guide.
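As an added example (not code from Logto or this page), here is the service-provider side of step 5 above: the checks an application should run on the SAML response after the XML signature has been verified against Logto's certificate with an XML-DSig library such as xmlsec. The entity IDs, ACS URL, request ID and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def parse_ts(value):  # SAML timestamps are UTC ISO 8601 ending in "Z"
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_response(xml, *, idp_entity_id, sp_entity_id, acs_url,
                      request_id, now, skew=timedelta(seconds=60)):
    """Return a list of problems; empty means the response passed. Assumes the
    signature was already verified; these checks catch replay, wrong-audience,
    misdirected and expired responses."""
    root = ET.fromstring(xml)  # use defusedxml for untrusted input in production
    problems = []
    if root.get("InResponseTo") != request_id:
        problems.append("InResponseTo does not match the AuthnRequest we sent")
    if root.get("Destination") != acs_url:
        problems.append("Destination is not our ACS URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + [f"expected one Assertion, got {len(assertions)}"]
    if assertions[0].findtext("saml:Issuer", "", NS).strip() != idp_entity_id:
        problems.append("Assertion Issuer is not the expected IdP")
    cond = assertions[0].find("saml:Conditions", NS)
    if cond is None:
        return problems + ["Assertion has no Conditions"]
    if cond.get("NotBefore") and now + skew < parse_ts(cond.get("NotBefore")):
        problems.append("assertion is not valid yet")
    if cond.get("NotOnOrAfter") and now - skew >= parse_ts(cond.get("NotOnOrAfter")):
        problems.append("assertion has expired")
    audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append("our entity ID is not in AudienceRestriction")
    return problems

# Constructed sample (not captured from Logto); the Signature element is omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
 IssueInstant="2024-01-01T00:00:00Z" InResponseTo="_req42" Destination="https://sp.example.com/saml/acs">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://logto.example.com/saml/app-x</saml:Issuer>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>"""
```

The `request_id` must come from the AuthnRequest your application stored when it redirected the user, which is what ties the response to that browser session and stops a captured response from being replayed.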

Benefits of SAML integration

  • Enhanced Security: Encrypted communication and digital signatures ensure secure data exchange
  • Simplified User Experience: Users only need to sign in once to access multiple applications
  • Reduced Administrative Overhead: Centralized user management and access control
  • Enterprise Readiness: Widely adopted by organizations for secure identity federation

Key Features

  • Standardized Integration: Full support for SAML 2.0 protocol, ensuring compatibility with various service providers
  • Flexible Attribute Mapping: Support for custom user attribute mapping to meet different application data requirements
  • Secure and Reliable: Support for signing and encryption to protect the authentication process
  • Automatic Configuration: Support for quick SAML integration setup via metadata URL or file

Use Cases

SAML app integration is suitable for the following scenarios:

  • Enterprise application systems requiring Single Sign-On (SSO)
  • Integration with third-party services supporting SAML protocol
  • Requirements for high security and standardized authentication processes

Create a SAML application in Logto

  1. Go to Console > Applications
  2. Select "My apps" as the application type and choose "SAML" as the integration protocol
  3. Enter a name and description for your application and click the "Create" button. A new SAML application will be created.

Configuration Guide

To start using SAML app integration, you need to complete the following steps:

  1. Configure SAML App: Set up basic SAML integration parameters
  2. Configure Attribute Mapping: Define how to map Logto user attributes to SAML assertions

After completing the configuration, your application can securely authenticate and exchange data with Logto through the SAML protocol.