SAML Authentication Overview
When a user asks to connect to a SAML-enabled web application in the Admin Portal, the traditional SAML roles are these:
- The principal is the user, who’s already been authenticated in the Admin Portal through the Privileged Access Service. The principal uses a web browser (connected to the Admin Portal) or the mobile application as the user agent to request a web application connection.
- The identity provider is the Privileged Access Service, which provides a SAML assertion that presents the user as an authenticated principal.
- The service provider is the web application host that receives the SAML assertion and decides whether to grant resource access to the principal (the user).