Skip to content Skip to site navigation Skip to service navigation

SAML (Authentication)

An authentication and authorization protocol that powers single-sign-on and identity management

In September 2024, rates will change for several technology services provided by University IT. View FY25 rate changes.

SAML (Security Assertion Markup Language) is an Authentication and Authorization protocol that Stanford is employing more and more to power single-sign-on and identity management underlying Stanford Login. SAML is part of a coordinated ensemble of technologies that protect the university’s restricted data while enabling not just Stanford people but also trusted colleagues at other institutions to access resources with just one login action. Examples of SAML in use at Stanford include partner-provided services such as Microsoft 365, Google Drive, and Box.


Designed for

  • Current faculty, staff, and students.
  • Departments and workgroups.


End users, content managers, and server administrators have different requirements to use SAML-based authentication and authorization:

  • End users need a SUNet ID and password; for access to some resources, a two-step authentication method must be set up.
  • Content managers typically use system (e.g., Drupal) modules or .htaccess files and file system permissions (ACLs) to restrict access to their web pages.
  • Stanford system administrators implement SAML by way of modules and instructions, typically in combination with Shibboleth and Apache.

Data security

May be used to protect Low, Moderate, and High Risk Data, as defined by the Information Security Office.


Free of charge

Get started

Third-party vendors:

Stanford application owners and system administrators:

Get help

For assistance with SAML, submit a Help request.

Learn more

See also

Last modified May 16, 2024