SAML Single Sign-On
Security Assertion Markup Language (SAML) is an OASIS open standard that supports secure communication of user authentication, entitlement and attribute information between different enterprise applications. It provides a method of secure integration with existing, on-site authentication infrastructures without exposing these services to direct public access, and enables federation of user identity across any number of additional services. SAML enables single sign-on (SSO), a scheme that allows users to sign in to one application — the identity provider — and automatically have access to separate applications — the service providers — without having to sign in to each of these other applications separately.
- The identity provider (IdP) validates the identity of the user and makes a SAML assertion to authorize access to a service provider. For users, the IdP service is often a sign-in page where you enter your SSO sign-in details, or a dashboard you can use to access different enterprise applications.
- The service provider (SP) consumes the SAML assertion and grants the user access to the application.
- The SAML assertion uses an XML-based standard to send security information that applications working across security domain boundaries can trust.
- The SP and IdP use the metadata provided during configuration to establish a circle of trust.
The SuiteProjects Pro SAML SSO feature uses the SAML version 2.0 specifications. For information about the SAML standard, refer to the OASIS website.
IdP services must support SAML 2.0 and allow custom assertions to be used with the SuiteProjects Pro SAML SSO feature.
The SuiteProjects Pro SAML SSO feature supports:
- IdP-initiated SSO: Typically, the user goes to the IdP service, signs in, and clicks a link or a button on the IdP page to access SuiteProjects Pro. The IdP service redirects the user to SuiteProjects Pro with a SAML assertion.
- SP-initiated SSO: Typically, the user goes to the SuiteProjects Pro sign-in page for SSO users and enters the company ID and user ID. SuiteProjects Pro redirects the user to the IdP service with a SAML request. The IdP prompts the user to enter a password, validates the identity of the user, and redirects the user to SuiteProjects Pro with a SAML assertion.
- Integration with multiple identity providers.
SuiteProjects Pro account administrators control who can use SAML SSO to access SuiteProjects Pro.
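The two flows listed above differ in one field a service provider can check: in SAML 2.0, a response to an SP-initiated request carries an `InResponseTo` value naming that request, while an IdP-initiated (unsolicited) response carries none. The following is an added example of that check in general SAML 2.0 terms, not SuiteProjects Pro code; the function names, entity ID and sample message are constructed, and it assumes the XML signature has already been verified against the IdP metadata.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://sp.example.test/saml"  # constructed placeholder

def classify_response(xml_text, pending_request_ids, sp_entity_id, now,
                      allow_idp_initiated=True):
    """Return 'sp-initiated' or 'idp-initiated'; raise ValueError on rejection.
    Assumption: signature verification happened before this function is called."""
    root = ET.fromstring(xml_text)
    data = root.find(".//saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    cond = root.find(".//saml:Conditions", NS)
    if data is None or cond is None or not data.get("NotOnOrAfter"):
        raise ValueError("missing SubjectConfirmationData, Conditions or NotOnOrAfter")
    if sp_entity_id not in [a.text for a in cond.findall(".//saml:Audience", NS)]:
        raise ValueError("assertion is not addressed to this SP")
    expiry = datetime.strptime(data.get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    if now >= expiry.replace(tzinfo=timezone.utc):
        raise ValueError("assertion expired")
    in_response_to = data.get("InResponseTo")
    if in_response_to is None:  # unsolicited response: IdP-initiated flow
        if not allow_idp_initiated:
            raise ValueError("unsolicited response not allowed")
        return "idp-initiated"
    if in_response_to not in pending_request_ids:
        raise ValueError("InResponseTo does not match a pending request")
    pending_request_ids.discard(in_response_to)  # a request ID is accepted once only
    return "sp-initiated"

def sample_response(in_response_to=None):
    """Constructed, unsigned sample Response; every ID and URL is made up."""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0"{irt}>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2030-01-01T00:05:00Z"{irt}/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{SP_ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
```

Tracking pending request IDs and discarding each one on first use means a captured SP-initiated response cannot be replayed, and `allow_idp_initiated=False` shows how a deployment that only expects SP-initiated sign-ins would refuse unsolicited responses.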