Intro to SAML

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
Cyber Elite
Cyber Elite


Hi Everyone!


PAN-OS 8.0 introduced a new authentication profile called SAML, but what is so special about it?


Authentication protocols like LDAP, Kerberos and RADIUS have been around since before the dot-com bubble. They are reliable and are common in any network environment but with the emergence of web-based applications, Single Sign-On (SSO) and multi-factor authentication (MFA), they have somewhat fallen behind in flexibility.


In traditional authentication, these protocols cannot be combined so they need to be stacked sequentially, sometimes leading to collisions. SAML solves this problem.


SAML provides a new layer of authentication independent of the backend protocols or, for example, domain membership. It provides a user web-based Single Sign On across multiple entities and also federated identity across  multiple Service Providers. Federated identity allows Service providers to refer to a single user even if each Service Provider knows this user differently (eg. LDAP domain A + RADIUS domain B+ LDAP domain C).


To help us get better acquainted to SAML, Vignesh Sathiamoorthy, a Senior Technical Marketing Engineer from our product management team, has been so kind to write up a comprehensive introduction:



Introduction to SAML


I found it very educational, as I'm not very acquainted with SAML, and I hope you do too!



Reaper out

Register or Sign-in
About the Author
I drink and I know things