SAML vs. OpenID (OIDC): What’s the difference?

Watch this video to learn about the differences between Security Assertion Markup Language (SAML 2.0) and OIDC, which is based on the OAuth 2.0 framework. Read the full post: https://jumpcloud.com/blog/saml-vs-openid

Transcript:

OpenID Connect and SAML are both used for single sign-on or SSO and the login process is similar. However, there are distinct technical differences that you should review before starting your project. SAML allows an identity provider or IDP to securely federate identities for authentication and authorization in web apps. SAML can be more difficult for service providers or SPs to implement and some even charge for it. It requires an XML schema to transmit user information. This aspect can be very granular in managing access, control and permissions but also adds a certain amount of complexity. This is where OpenID comes in. It can be easier for SPs to implement because it is lightweight and powerful. It focuses only on authentication. This makes it a popular choice for managing login flows and assertions for mobile applications.

SAML is a widely used, mature SSO protocol. Passwords are not sent over the wire or stored at SPs. It logs users in with a set of credentials, but can also authorize access to resources between the IDP and SP. XML documents carry statements about the user, who they are, and how that information was issued. Web browsers help enable this, and SAML will always be used for websites. OpenID is based on the OAuth 2.0 standard and works a little differently. Users are redirected from the relying party (RP) to the OpenID provider (OP), unlike IDPs and SPs. There are direct calls between RP and OP using REST and JSON message flows, accessible through APIs.

ID tokens convey information or claims about the user rather than containing them in SAML's XML documents. Claims are OpenID's equivalent of SAML assertions. The difference in the way identity information is shared between the protocols means that OpenID can be used for both websites and applications. Both SAML and OpenID are authentication protocols and it is not a binary choice. They can be used in combination with other authentication standards depending on the use case. For example, a healthcare subject matter expert would use SAML to securely access application portals, but a mobile app would benefit from the efficiency of OpenID. The choice depends on your technical requirements, the applications your organization uses, and the resources available to implement SSO.

JumpCloud provides both SAML and OpenID configurations for SSO implementation, as well as pre-built and custom connectors. For more information, see the link in the description below.
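
The transcript's point that ID token claims carry what a SAML assertion carries in XML, shown as an added example that is not part of the video or JumpCloud's material: the same identity facts are read from each format and put through the same issuer, audience and expiry checks. The issuer, audience and user values are constructed placeholders, neither sample is signed, and the signature verification that a real SP or RP performs first is left out.

```python
import base64, json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed samples; idp.example and app.example are placeholders. Neither is signed.
SAML_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="2030-01-01T00:05:00Z"><saml:AudienceRestriction>
    <saml:Audience>https://app.example</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="email">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""
CLAIMS = {"iss": "https://idp.example", "sub": "alice@example.com",
          "aud": "https://app.example", "exp": 1893456300, "email": "alice@example.com"}

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

ID_TOKEN = ".".join([b64url(b'{"alg":"RS256"}'), b64url(json.dumps(CLAIMS).encode()),
                     b64url(b"constructed-placeholder-not-a-signature")])

def from_saml(xml_text: str) -> dict:
    """Pull issuer, subject, audience, expiry and attributes out of the XML assertion."""
    a = ET.fromstring(xml_text)  # trusted constant here; use a hardened XML parser on real input
    exp = datetime.strptime(a.find("saml:Conditions", NS).get("NotOnOrAfter"), "%Y-%m-%dT%H:%M:%SZ")
    return {"issuer": a.findtext("saml:Issuer", namespaces=NS),
            "subject": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "audience": a.findtext(".//saml:Audience", namespaces=NS),
            "expires": int(exp.replace(tzinfo=timezone.utc).timestamp()),
            "attributes": {at.get("Name"): at.findtext("saml:AttributeValue", namespaces=NS)
                           for at in a.iterfind(".//saml:Attribute", NS)}}

def from_id_token(token: str) -> dict:
    """Pull the same facts out of the JSON claims in the token's middle segment."""
    seg = token.split(".")[1]
    c = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    return {"issuer": c["iss"], "subject": c["sub"], "audience": c["aud"], "expires": c["exp"],
            "attributes": {k: v for k, v in c.items() if k not in ("iss", "sub", "aud", "exp")}}

def acceptable(identity: dict, issuer: str, audience: str, now: int) -> bool:
    """Checks an SP or RP applies after signature verification (omitted in this sketch)."""
    return (identity["issuer"] == issuer and identity["audience"] == audience
            and now < identity["expires"])

if __name__ == "__main__":
    for rec in (from_saml(SAML_ASSERTION), from_id_token(ID_TOKEN)):
        print(rec, acceptable(rec, "https://idp.example", "https://app.example", 1893456000))
```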
