In many companies, day-to-day work no longer relies on a single tool, but on various platforms, applications and services. This creates countless user accounts, passwords and security guidelines. Single sign-on (SSO), made possible by the SAML (Security Assertion Markup Language) standard, offers an uncomplicated solution to this problem.
But what exactly is SAML? And why is it worth using in a project management tool such as in-STEP BLUE?
What Is SAML?
SAML stands for Security Assertion Markup Language. It is an open standard that enables authentication and authorization information to be exchanged securely between two parties. This means users only need to log in once, via a company portal, to access all connected applications. All connected applications adopt this authentication method.
The Three Roles of SAML
To understand how SAML works, let’s take a look at the different parties involved.
User: The person who wants to access an application; for example, a project manager working with in-STEP BLUE.
Identity Provider (IdP): The central body that verifies identity, such as a central authentication service.
Service Provider (SP): The application being accessed. In our case, this is in-STEP BLUE.
The interaction works like this: The user wants to access the service provider. They are then referred to the identity provider, which handles authentication. If authentication is successful, the service provider receives a SAML assertion, i.e. a signed message confirming the user’s identity. Access is then granted without the need for a separate login.
What Is SAML SSO?
SAML SSO (Security Assertion Markup Language Single Sign-On) is a method that allows users to log in once and access various applications without having to authenticate themselves again. SAML serves as a communication standard that mediates between the identity provider, which verifies identities, and the service provider, which offers applications. Due to its clear distribution of roles and standardized exchange of authentication data, SAML SSO enables secure and convenient logins across system boundaries. This is particularly advantageous in complex IT landscapes, for both users and the IT department.
What’s the Difference Between SAML and OAuth?
The term “OAuth” is often used in connection with authentication solutions. SAML and OAuth appear similar at first glance, but they have different approaches for different applications.
SAML is an XML-based standard primarily used in corporate environments, especially for web-based single sign-on. The focus is on authentication, or determining whether a person is who they claim to be.
OAuth, on the other hand, is an authorization protocol often used in mobile applications and modern web services. OAuth is primarily used to grant access rights, such as when an external service should only access specific user account information.
SAML clarifies who is granted access. OAuth defines the scope of this access. Depending on the use case, both methods can complement each other. However, SAML is the preferred standard for secure, centralized access to business applications, such as in-STEP BLUE.
The Benefits of SAML
SAML offers numerous advantages for both administrators and users. One key advantage is centralized user administration, where all user accounts are maintained in one location. This increases clarity and simplifies processes. For example, when an employee leaves the company, their access can be automatically blocked.
Another advantage is that password issues become a thing of the past. We’ve all experienced the hassle of different tools and passwords that require constant resets. With SAML, users log in via a central identity provider, so a single login is sufficient.
SAML also offers security advantages. Central authentication can easily be combined with modern security procedures, such as two-factor authentication. This is particularly important for sensitive project environments.
Lastly, everyone involved benefits from a significant increase in convenience. Log in once to access all connected applications directly without having to log in again.
What Has This Got to Do with in-STEP BLUE?
In-STEP BLUE is currently being expanded to support SAML-based single sign-on. This means that companies using a central identity provider will be able to connect in-STEP BLUE directly to it in the future. Users will log in as usual via the WebApp or desktop client, eliminating the need to assign a password. It’s simple, secure, and fast!
This will be particularly beneficial for regulated, security-critical companies that already use identity management solutions.
Why SAML If in-STEP BLUE Already Supports SSO?
In-STEP BLUE already supports single sign-on via Kerberos, which is an authentication protocol used within Windows domains. This tried-and-true solution works reliably in traditional corporate networks with Active Directory. However, modern IT landscapes have become more diverse. Many companies increasingly rely on cloud-based services, hybrid infrastructures, and collaboration with external partners. SAML is therefore a useful addition to existing authentication procedures.
Why Is SAML Additionally Useful?
SAML is a platform-independent, web-based authentication protocol. Unlike Kerberos, SAML works not only within Windows domains but also across multiple organizations and system landscapes. This means external employees or partners without a Windows account can log in centrally as well.
SAML can be easily integrated into modern IT environments. No separate infrastructure is required, only an identity provider (IdP) and a service provider (SP) based on standardized protocols. Many companies already rely on well-established cloud solutions, such as Microsoft Entra ID.
Conclusion
With the introduction of SAML in in-STEP BLUE, we are establishing the technical foundation for system access regardless of location or platform. This addition supplements existing SSO structures rather than replacing them. Companies will benefit from greater security and reduced administrative effort, and users will benefit from a simple, seamless login process.
Stay tuned — we will inform you as soon as SAML is available in in-STEP BLUE.