SAML (Security Assertion Markup Language) is an Authentication and Authorization protocol that Stanford is employing more and more to power single-sign-on and identity management underlying Stanford Login. SAML is part of a coordinated ensemble of technologies that protect the university’s restricted data while enabling not just Stanford people but also trusted colleagues at other institutions to access resources with just one login action. Examples of SAML in use at Stanford include partner-provided services such as Microsoft 365, Google Drive, and Box.
Features
- Works across organizations and supports federation.
- Supports multi-factor authentication protocols (e.g., Stanford Two-Step Authentication).
Designed for
- Current faculty, staff, and students.
- Departments and workgroups.
Requirements
End users, content managers, and server administrators have different requirements to use SAML-based authentication and authorization:
- End users need a SUNet ID and password; for access to some resources, a two-step authentication method must be set up.
- Content managers typically use system (e.g., Drupal) modules or .htaccess files and file system permissions (ACLs) to restrict access to their web pages.
- Stanford system administrators implement SAML by way of modules and instructions, typically in combination with Shibboleth and Apache.
Data security
May be used to protect Low, Moderate, and High Risk Data, as defined by the Information Security Office.
Rates
Free of charge
Get started
Third-party vendors:
Stanford application owners and system administrators:
Get help
For assistance with SAML, submit a Help request.