SAML – Simply Explained
Security Assertion Markup Language, or SAML, is a standardized way to use a centralized directory of users, like Azure Active Directory, to securely allow access to external applications and services. SAML makes single sign-on (SSO) with external applications and services possible. SAML is an interoperable standard — it is a widely accepted way to communicate a user's identity to cloud service providers.
Below is a diagram that demonstrates the SAML authentication process.
- A user accesses a cloud application, like a CRM, that requires them to log in.
- The application is configured to send a SAML authentication request to an Identity Provider like Microsoft Azure Active Directory (AAD).
- AAD prompts the user for their credentials – username, password, and possibly Multi-Factor Authentication (MFA) like a PIN from an app on their smartphone.
- The user enters their credentials to be validated by AAD.
- AAD validates the credentials and sends a confirmation (a SAML response carrying an assertion) to the application.
- The user is granted access to the requested application or services.