SAML (Security Assertion Markup Language) is an open standard that allows an identity provider to pass authorization credentials to a service provider. By using SAML with Apigee, you can support SSO for the Apigee UI.
How SAML works with Apigee
The SAML specification defines three entities:
- Principal (Apigee UI user)
- Service provider (Google Cloud Platform)
- Identity provider (any third-party provider that supports SAML 2.0)
When SAML is enabled, the principal (an Apigee UI user) requests access to the service provider (Google Cloud Platform). Google Cloud Platform (in its role as a SAML service provider) then requests and obtains an identity assertion from the third-party SAML identity provider and uses that assertion to create the OAuth 2.0 token required to access the Apigee UI. The user is then redirected to the Apigee UI.
Advantages of SAML authentication
SAML authentication offers several advantages. By using SAML you can:
- Take full control of user management: Connect your company's SAML server to Apigee. When users leave your organization and are deprovisioned centrally, they are automatically denied access to Apigee.
- Control how users authenticate to access Apigee: Select different authentication types for your Apigee organizations.
- Control authentication policies: Your SAML provider may support authentication policies that are more in line with your enterprise standards.
- Monitor logins, logouts, unsuccessful login attempts and high risk activities on your Apigee deployment.
Using SAML with Apigee
To use SAML with Apigee, refer to the resources provided in the following table.
|Apigee component||More information|
|Integrated portal||Configure the SAML identity provider|
|Drupal 8 portal||Integrate simpleSAMLphp authentication|