Request a demo

A must-have for authentication management, SAML – Security Assertion Markup Language – is the most commonly used IT standard in the identity federation software market.

At SharingCloud, we rely on this secure standard to federate authentication for the vast majority of our customers on our Instant Suite platform.

Let's find out in more detail what this is all about.


SAML, authentication facilitator

Security Assertion Markup Language, more commonly known as SAML, is a normed, open and standardised protocol used, through multiple identity federation software applications, to establish a connection between two essential building blocks of authentication federation, namely:

The main benefit of federating identity through SAML is to allow the Service Provider to delegate the authentication part to the Identity Provider and thus to offer the client a single authentication portal specific to their organisation.

Thus, SAML offers single sign-on (often called SSO) for services that the customer uses on a daily basis. Indeed, SAML authentication is an SSO for a client's various tools, but also for the different SharingCloud services.


How does it work in practice?

To understand how SAML works, you have to keep in mind that 3 major actors are involved in the authentication process: the Identity Provider, the Service Provider and the User.

Indeed, the user plays a major role in this approach. It is the user who, through their browser, links the information on both sides using secure tokens. There is therefore no direct dialogue between the IdP and the SP but rather encrypted requests and responses, validated by certification, which are relayed by the user's browser.

To better clarify this concept, below is an explanatory diagram of the various steps involved in authenticating and identifying a user on Instant Suite using SAML.


Step 1: The user attempts to access Instant Suite (Service Provider) or one of its applications via a URL.

Step 2: Instant Suite (SP) generates a SAML authentication request in the form of an encrypted message, embedded in the partner's authentication service URL.

Step 3: Instant Suite sends the authentication URL containing the request to the browser. The browser forwards it to the Identity Provider, the partner.

Step 4: Once the URL is received, the Partner (IdP) decodes the SAML request and authenticates the user.

Step 5: The partner then generates an encoded SAML response, containing all the information relating to the creation of a user session/identification, such as the user's number, surname, first name or e-mail address. It returns the response to the browser, which in turn transfers it to Instant Booking's ACS service.

Step 6: The ACS service (a standard with a return URL for sending information processing) checks and validates the SAML response, then redirects it to the original URL.

Step 7: The user is now logged in to Instant Suite!

If the user does not exist in the SP's account management, it must be provisioned. Instant Suite can do this automatically, by creating user accounts during the authentication process. This is performed according to the clients' needs using the information contained in the encrypted response sent by the IdP.

Furthermore, if the SSO connection is set up and activated, authentication is automatic and secure!


Prerequisites for SAML implementation

A specific configuration is required upstream in order to implement SAML within the different organisations. As it is normalised and standardised, SAML is governed by the creation of a federation.

To create the federation, two essential points must be taken into account:

Updating the client certificate on our infrastructures, which originally required synchronisation between technical contacts, is now possible simply and automatically, thanks to developments carried out by our R&D and Infrastructure teams.

This automatic update ensures that the service is not interrupted when the original certificate expires.

This federation and certificate mechanism is common to all tools that use SAML.


Benefits for all stakeholders

Moreover, SAML considerably limits security system breaches (in this case phishing or hacking…) because passwords and other sensitive data are never disclosed. Indeed, the user is authenticated exclusively by means of encrypted messages.

In other words, the encrypted data transmitted by the IdP are a goldmine for understanding our users and better targeting their needs.

SAML at a glance

Federation through the SAML standard is:

In the context of a partnership with Microsoft, SharingCloud offers an application on the Azure Cloud for the integration of SAML into your organisations. This is a very simple and effective way to set up authentication to our Instant Suite solution via Azure AD.

Dear Customer, please do not hesitate to contact your Key Account Manager or our Support if you wish to implement a federation with your IdP.

Finally, two links that might be useful to you:

in touch!

Sign up

Receive our monthly newsletter on SharingCloud news, our new customers and our projects.


Protecting your personal data is important to us. See our GDPR page for more info.

SharingCloud ® 2010 - 2024