Security (Single Sign-On)

In an organization's account settings, you can set up SSO for your organization.

SAML 2.0 is the most recent iteration of the Security Assertion Markup Language as established by the OASIS organization. This standard facilitates the exchange of authentication and authorization information across different security domains.

SAML 2.0 operates as an XML-based protocol that utilizes security tokens with assertions to relay data about a principal (typically an end user) between a SAML authority (identity provider or IdP) and a SAML consumer (service provider or SP).

SAML Authentication Workflow

  1. The user navigates to your Updraft subdomain and clicks the LOGIN with SSO button.

  2. The user is then redirected to your Identity Provider (IdP) login page.

  3. Using the IdP's web-based authentication system, the user logs in, and the IdP sends a SAML Response to the Updraft callback endpoint.

  4. If the user is authenticated and has the necessary permissions in Updraft, they are granted access to the Updraft Organization where only authorized apps are visible.

    1. New accounts are created in Updraft (no e-mail invitation or activation is sent).

    2. After the user's first login, an Owner or Admin can add the user to the Updraft projects.

