SAML2 Overview
What is SAML 2.0?
1 Security Assertion Markup Language
SAML 2.0 (Security Assertion Markup Language) is an open, XML-based standard for exchanging authentication and authorization data between parties. It enables Single Sign-On (SSO): users authenticate once and can then access multiple services.
A SAML flow involves two parties:
| Party | Role |
|---|---|
| Identity Provider (IdP) | Authenticates users and issues assertions |
| Service Provider (SP) | Trusts the IdP and grants access based on assertions |
2 How SAML Authentication Works
1. The user attempts to access a Service Provider (e.g., the AWS Console)
2. The Service Provider redirects the user to the Identity Provider
3. The Identity Provider authenticates the user
4. The Identity Provider sends a signed assertion back to the Service Provider
5. The Service Provider validates the assertion and grants access
SplitSecure as Your Identity Provider
1 Threshold-Protected Authentication
SplitSecure acts as a SAML 2.0 Identity Provider with a critical difference: authentication requires threshold approval from your team.
| Traditional IdP | SplitSecure IdP |
|---|---|
| Single admin controls access | Team threshold controls access |
| One compromised account = breach | No single point of failure |
| Limited audit trail | Full approval audit trail |
2 How It Works
When you authenticate through SplitSecure:
1. You initiate login to a Service Provider
2. SplitSecure creates an authentication proposal
3. Team members approve the proposal on their mobile devices
4. Once the approval threshold is reached, SplitSecure signs the SAML assertion
5. You gain access to the Service Provider
Note
The signing key for SAML assertions is protected by threshold cryptography. No single person — not even SplitSecure — can sign assertions without team approval.
Getting Started
1 Prerequisites
Before configuring SAML integrations, you need:
- SplitSecure mobile app installed and set up
- Web Companion paired with your mobile app
- A team created in SplitSecure
If you haven’t completed these steps, see the Getting Started guides.
2 Next Steps
- Create a SAML2 Identity Provider — Set up your IdP in SplitSecure
- Configure Service Providers — Use the integration guides below to connect your services
Available Integrations
| Service Provider | Description |
|---|---|
| AWS | Amazon Web Services Console and CLI |
| Google Cloud | Google Cloud Platform Console |
| Google Workspace | Google Workspace admin and services |
| Microsoft Entra ID | Azure AD / Microsoft 365 |
| Okta | Okta identity management |
| Cloudflare | Cloudflare Dashboard and Zero Trust |
| Oracle Cloud | Oracle Cloud Infrastructure |
| IBM Cloud | IBM Cloud Console |
| PagerDuty | PagerDuty incident management |
| Kandji | Kandji MDM |
| Rapid7 | Rapid7 security platform |