Skip to content Skip to site navigation Skip to service navigation

SAML (Authentication)

In September 2022, rates will change for several of the technology services provided by University IT. To view the majority of our planned rate changes for services that are broadly available to our community, please visit this page. For more information, please visit the rates section of our website.

Stanford transitioned from WebAuth to SAML 2.0

Support for WebAuth ended on August 31, 2018. Applications or websites that use WebAuth for authentication should move to the SAML 2.0 protocol.

If you manage a server or application using WebAuth to authenticate users, you can find updates about migration plans and links to technical documentation in the “Get started” section on this page.

This deadline does not affect websites hosted on the central web servers ( WebAFS is also exempt.

SAML (Security Assertion Markup Language) is an Authentication and Authorization protocol that Stanford is employing more and more to power single-sign-on and identity management underlying Stanford Login. SAML is part of a coordinated ensemble of technologies that protect the university’s restricted data while enabling not just Stanford people but also trusted colleagues at other institutions to access resources with just one login action. Examples of SAML in use at Stanford include partner-provided services such as Office 365, Google Drive, and Box.


Designed for

  • Current faculty, staff, and students.
  • Departments and workgroups.


End users, content managers, and server administrators have different requirements to use SAML-based authentication and authorization:

  • End users need a SUNet ID and password; for access to some resources, a two-step authentication method must be set up.
  • Content managers typically use system (e.g., Drupal) modules or .htaccess files and file system permissions (ACLs) to restrict access to their web pages.
  • Stanford system administrators implement SAML by way of modules and instructions, typically in combination with Shibboleth and Apache.

Data security

May be used to protect Low, Moderate, and High Risk Data, as defined by the Information Security Office.


Free of charge

Get started

Third-party vendors:

Stanford application owners and system administrators:

Get help

For assistance with SAML, submit a Help request.

Learn more

See also

Last modified March 23, 2020