SAML 2.0

The Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between security domains. SAML exchanges security information between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee. When implemented correctly, SAML is one of the most secure methods of single sign-on available.

The SAML 2.0 integration enables single sign-on by exchanging XML tokens with an external Identity Provider (IdP). The identity provider authenticates the user and passes a NameID token to the system. If the system finds a user with a matching NameID token (for example, the email address), the instance logs in that user.

If you are using the SAML 2.0 plugin for Single Sign-on authentication, then you need to set the glide.ui.rotate_sessions property to false. Otherwise, it interferes with the session information sharing that takes place between the instance and the Identity Provider. Users with the security_admin elevated privilege can access this high security property by selecting System Security > High Security Settings.

Note: It is recommended that customers using an existing SAML 2.0 integration upgrade to the latest SAML 2.0 integration update.

SAML concepts
Familiarize yourself with these SAML concepts.

SAML 2.0 Single Sign-On - Update 1
The SAML 2.0 Single Sign-On - Update 1: security enhancements plugin improves integration security by requiring additional checks against the SAMLResponse URL parameter.

SAML setup
SAML 2.0 setup involves several steps, including configuring IdP settings and installing the certificate.

Integrating SAML 2.0 with other features
You can integrate your SAML 2.0 solution with other features like E-Signature, deep linking, and ADFS.

Migrating an existing SAML 1.1 integration to SAML 2.0
To migrate from a SAML 1.1 integration to a SAML 2.0 integration, contact customer support.

Update existing SAML 2.0 integration
Perform these steps to update your existing SAML 2.0 integration.

Clone an instance with a SAML integration
Preserving SAML SSO-related settings can prevent the target instance from redirecting all authentication requests to the original IdP with the wrong issuer and audience parameters.

SAML user provisioning
If users exist in your IdP but are not in your instance, SAML user provisioning can automatically create the users in your instance's User [sys_user] table.

SAML 2.0 troubleshooting
Before contacting support, try the troubleshooting solutions available in the knowledge base on Hi.
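
The NameID lookup described in the overview, together with the issuer and audience mismatch that a cloned instance can run into, shown as an added Python example (not code from the product or this page). The host names, the USERS mapping and the function names are hypothetical, and the response signature is assumed to have been verified against the IdP certificate beforehand.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample values (hypothetical hosts and user, not from the page).
IDP_ISSUER = "https://idp.example.com/metadata"
PROD_AUDIENCE = "https://prod.example.com"
CLONE_AUDIENCE = "https://clone.example.com"
USERS = {"alice@example.com": "alice"}  # stand-in for the User [sys_user] table


def build_response(issuer, audience, name_id):
    """Build a constructed, unsigned SAML Response to use as sample input."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion>
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def resolve_user(response_xml, expected_issuer, expected_audience, users):
    """Return (user, reason); user is None when the login is refused.

    Assumption: the signature was already verified against the IdP certificate.
    """
    assertions = ET.fromstring(response_xml).findall("saml:Assertion", NS)
    if len(assertions) != 1:  # refuse zero or multiple assertions
        return None, "expected exactly one assertion"
    a = assertions[0]
    issuer = a.findtext("saml:Issuer", default="", namespaces=NS).strip()
    audiences = [e.text.strip() for e in a.iterfind(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if e.text]
    name_id = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        return None, "issuer mismatch"
    if expected_audience not in audiences:
        return None, "audience mismatch"
    user = users.get(name_id)  # NameID carries the email address in this sample
    if user is None:
        return None, "no user with matching NameID"
    return user, "ok"
```

A clone that still presents assertions issued for the original audience is refused with "audience mismatch", and an IdP user missing from the mapping is the case that user provisioning would handle.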