SAML overview
Security Assertion Markup Language (SAML) is a standard for exchanging authentication requests and responses between service providers (SPs) and identity providers (IdPs). It enables SPs to give users access to applications across multiple security domains through a single sign-on (SSO) authentication service that the IdP provides. Upon receiving an authentication request, the IdP responds with an SAML assertion, which is a message that shows whether a user authenticated successfully. SAML is beneficial because it allows identity providers and service providers to exist separately and centralize the user management to access the SaaS solutions.
SAML-based Single Sign on (SSO)
Most organizations already know the identity of users because they are logged in to their Active Directory domain or intranet. It makes sense to use this information to log users in to other applications, such as PHPKB, and one of the more elegant ways of doing this is by using SAML Single Sign-on. PHPKB offers SAML-based Single Sign on (SSO) in all its Enterprise Editions. To enable this, you need to be a superuser in the knowledge base. If you are a company IdP admin, we can get started! If not, you will need to coordinate with whoever manages your identity provider (IdP).
SAML integration relies on a user level token. To insure consistent delivery of SAML services, we recommend using an admin service account such as IT@yourcompany.com.
What are the benefits of using PHPKB's SAML SSO service?
The SAML single sign-on (SSO) login standard has significant advantages over logging in using a username/password:
- The biggest advantage of SAML SSO is arguably the scalability it provides. Automated credentials management means that your team need not take care of user passwords manually for PHPKB knowledge base system. This reduces the human error factor and frees up your team's to focus on more important tasks.
- Other benefits include rapid provisioning for cloud-first applications; PHPKB SSO supports Security Assertion Markup Language (SAML) 2.0, therefore, PHPKB knowledge base can be quickly provisioned by your SSO admin and rolled out to employees.
- SAML SSO offers increased security because of two-factor authentication which results in productivity gains, and fewer IT helpdesk calls for password resets.
- Your customers need not to type in credentials over and again to access the PHPKB knowledge base software.
- They need not remember separate passwords and there would be centralized control over the passwords.
Integrating PHPKB with a SAML IdP
PHPKB knowledge management software supports Single Sign-On (SSO) which will allow your IdP to authenticate your end users using your authentication service, such as your web application login. Once verified, your end users can then view your knowledge base. However, if your end users navigate directly to PHPKB knowledge base without first authenticating through, they would be redirected to your IdP (e.g. your website login page). With SSO user just needs to login once to your website or other application and he immediately and automatically gets authenticated to PHPKB. PHPKB SAML Single Sign-On (SSO) Reference Guide explains how to enable the SAML SSO In PHPKB and how to prepare the SSO query parameters.
For instance, in the figure above, if a non-logged in user tries to access the PHPKB knowledge base software, the user will be sent to your IdP for authentication. After authentication and receival of necessary user token, PHPKB will allow the user to access the knowledge base.
Please refer to the SAML SSO Plugin page to know more about the plugin, its features, available editions and cost.
