SAML (Security Assertion Markup Language) is an authentication and authorization protocol that Stanford increasingly uses to power the single sign-on and identity management underlying Stanford Login. SAML is part of a coordinated ensemble of technologies that protect the university’s restricted data while enabling not just Stanford people but also trusted colleagues at other institutions to access resources with just one login action. Examples of SAML in use at Stanford include partner-provided services such as Office 365, Google Drive, and Box.
- Works across organizations and supports federation.
- Supports multi-factor authentication protocols (e.g., Stanford Two-Step Authentication).
- Current faculty, staff, and students.
- Departments and workgroups.
End users, content managers, and server administrators have different requirements for using SAML-based authentication and authorization:
- End users need a SUNet ID and password; for access to some resources, a two-step authentication method must be set up.
- Content managers typically use system (e.g., Drupal) modules or .htaccess files and file system permissions (ACLs) to restrict access to their web pages.
- Stanford system administrators implement SAML by way of modules and instructions, typically in combination with Shibboleth and Apache.
SAML may be used to protect Low, Moderate, and High Risk Data, as defined by the Information Security Office.
Free of charge
- SSO/SAML for third-party vendors (requires Stanford login to access)
Stanford application owners and system administrators:
For assistance with SAML, submit a Help request.