SAML Authentication Overview

When a user asks to connect to a SAML-enabled web application in the Admin Portal, the traditional SAML roles are these:

• The principal is the user, who’s already been authenticated in the Admin Portal through the Privileged Access Service. The principal is using a web browser (connected to the Admin Portal) or the mobile application as his user agent to request a web application connection.

• The identity provider is the Privileged Access Service, which provides a SAML assertion that presents the user as an authenticated principal.

• The service provider is the web application host that receives the SAML assertion and decides whether or not to grant resource access to the principal (the user).