NOTE: Some aspects of this product are in Beta. The hybrid installation options are GA. To join the Beta program, reach out to your Apigee representative.

SAML overview

SAML (Security Assertion Markup Language) is an open standard that allows an identity provider to pass authrization credentials to a service provider. By using SAML with Apigee, you can support SSO for the Apigee UI.

How SAML works with Apigee

The SAML specification defines three entities:

  • Principal (Apigee UI user)
  • Service provider (Google Cloud Platform)
  • Identity provider (any third-party provider that supports SAML 2.0)

When SAML is enabled, the principal (an Apigee UI user) requests access to the service provider (Google Cloud Platform). Google Cloud Platform (in its role as a SAML service provider) then requests and obtains an identity assertion from the third-party SAML identity provider and uses that assertion to create the OAuth 2.0 token required to access the Apigee UI. The user is then redirected to the Apigee UI.

Advantages of SAML authentication

SAML authentication offers several advantages. By using SAML you can:

  • Take full control of user management: Connect your company's SAML server to Apigee. When users leave your organization and are deprovisioned centrally, they are automatically denied access to Apigee.
  • Control how users authenticate to access Apigee: Select different authentication types for your Apigee organizations.
  • Control authentication policies: Your SAML provider may support authentication policies that are more in line with your enterprise standards.
  • Monitor logins, logouts, unsuccessful login attempts and high risk activities on your Apigee deployment.

Using SAML with Apigee

To use SAML with Apigee, refer to the resources provided in the following table.

Apigee component More information
Apigee UI
Integrated portal Configure the SAML identity provider
Drupal 8 portal Integrate simpleSAMLphp authentication