SAML

SAML is a federation standard commonly used to carry authentication and identity assertions between an identity provider and an application.

SAML, short for Security Assertion Markup Language, is a federation standard used to exchange identity information between systems. In plain language, it often lets an identity provider tell an application that a user has already authenticated, along with selected identity details the application needs to trust that result.

Why It Matters

SAML matters because it is one of the major building blocks behind enterprise Single Sign-On. Instead of every application storing and verifying its own separate credentials, organizations can centralize login through an identity provider and let connected applications rely on that identity assertion.

It also matters because identity federation changes where security policy is enforced. When SAML is part of the login flow, organizations can apply consistent authentication requirements, revocation, and auditing at the identity-provider layer rather than reinventing them in every application.

Where It Appears in Real Systems or Security Workflow

SAML appears in workforce SaaS login, higher-education portals, partner access, and many enterprise web applications. A user authenticates with the identity provider, and the application accepts a SAML assertion that confirms the identity and may include related attributes for access decisions.

Security teams evaluate SAML during SSO rollout, access troubleshooting, incident response, and identity hardening projects. They care about which application trusts which identity provider, what attributes are released, and how strong the upstream authentication is.

Practical Example

An employee opens an HR application from the company portal. The employee is redirected to the organization’s identity provider, completes authentication there, and is returned to the HR application with a SAML assertion showing the verified identity. The HR application trusts that assertion and creates the user session without keeping a separate local password for that user.

Common Misunderstandings and Close Contrasts

SAML is not the same thing as SSO as a whole. SSO is the broader user experience or architecture pattern. SAML is one specific federation standard often used to make that pattern work.

It is also not the same as authorization itself. SAML can carry identity attributes that influence access decisions, but the application or platform still needs to apply its own authorization rules: the assertion answers who the user is, not what the user may do.

Knowledge Check

  1. What does SAML usually help an application trust? That a user has already authenticated with a trusted identity provider.
  2. Is SAML itself the same thing as SSO? No. SSO is the broader pattern, and SAML is one standard often used to support it.
  3. Does SAML remove the need for authorization in the application? No. The application still needs to decide what the user is allowed to do.