SAML vs. OAuth - Understand Differences and Benefits
Login is the first major step in your relationship with your users. Making it go smoothly reflects well on your applications. It also needs to be secure, but the requirements for identifying users safely are complex.
Using a defined protocol lets you give users a secure, established process for accessing privileged resources. SAML and OAuth are two systems that make allowing access more convenient and secure. Although they’re superficially similar, under the hood there are more differences than you might expect.
OAuth was originally developed by engineers from Google and Twitter. It lets you use login credentials for large sites—like Google or Twitter—to log in to other applications. That means you can carry the same credentials around the internet instead of having to create new ones for each site you visit.
SAML, or Security Assertion Markup Language, also lets you log in to multiple sites using a single sign-on, or SSO. It delivers assertions in XML that give information to authenticate users. Assertions can also include attributes or authorization decisions.
