What Is SAML 2.0 and How Does It Work?


Thru supports Security Assertion Markup Language (SAML) 2.0, enabling single sign-on (SSO) authentication with a customer’s identity provider. Since SAML is such a widely adopted protocol for SSO, the inclusion of SAML 2.0 reduces the amount of methods that Thru’s customers use to access their various cloud applications.

What Is SAML 2.0?

For those not familiar with this subject, SAML 2.0 is an XML-based protocol used to pass information about employees between an identity provider (e.g., Azure AD, Okta, OneLogin, Ping Identity, Active Directory Federation Services [ADFS]) and cloud service providers (e.g., Thru, Office365, Google Apps, Salesforce). SAML is used to exchange authentication and authorization data in the form of security tokens that contain assertions about the user.

Specifically, SAML can be used for SSO authentication between enterprises and the cloud service providers listed above. If SAML-based SSO is deployed, employees can easily access multiple cloud applications inside and outside the office and not have to maintain multiple credentials.

what is saml and how does it work

What Is a SAML Assertion?

A SAML assertion is an XML document sent from the identity provider to the service provider. It has information about the user that the service provider needs to decide whether to let the user in and what level of access they should have.

There are three types of SAML assertions:

  1. Authentication assertion — Helps verify a user’s identification. It also includes information about when a user logged in and what method of authentication they used.
  2. Assigned or attribution assertion — Passes SAML attributes to the service provider. SAML attributes are pieces of data about the user.
  3. Authorization decision assertion — States if a user is authorized to use a service. Users may not be authorized if they use the wrong password or lack the rights to use it.

How Does SAML 2.0 Work with Thru?

Currently, Thru’s qualified identity providers are ADFS and Salesforce (SFDC). Customers that already use SAML 2.0 with another identity provider can easily sign onto Thru with a host of other cloud apps that they access using SAML 2.0.

If an organization using Thru has all its employees listed in a corporate Active Directory, an ADFS gateway is deployed and the SAML 2.0 based protocol can be configured to automatically sign corporate users into Thru and create user accounts if required. Since large organizations have thousands of employees that access various online cloud accounts, Thru’s SAML 2.0 support can eliminate additional overhead for users and administrators and simplify access.

Thru also supports mixed authentication, meaning some users authenticate with SSO and others authenticate with a password.

Learn more about our secure file transfer and compliance measures.



Have questions about managed file transfer?

Get answers, not a sales pitch. Our experts have analyzed, discussed and solved difficult file transfer challenges since 2002. We are here to help you.

Scroll to Top