What is SAML, and how does it enable SSO in an enterprise environment?

Study for the User Account Management Test. Enhance your skills with flashcards and multiple choice questions, each with hints and explanations. Be prepared for success!

Multiple Choice

What is SAML, and how does it enable SSO in an enterprise environment?

Explanation:
SAML is an XML-based framework for exchanging authentication and authorization data between an identity provider and service providers, and it enables enterprise single sign-on by letting the IdP vouch for a user’s identity to multiple apps. When a user tries to access a service, the service provider redirects to the identity provider for authentication. After the IdP verifies the user, it issues a digitally signed SAML assertion that asserts who the user is (and can include attributes about their role or permissions). The service provider trusts this assertion, validates its signature, and creates a local session for the user, allowing access without re-entering credentials. Because the IdP can issue assertions for many service providers, a user can seamlessly access multiple applications with one login.

The other descriptions don’t fit: one suggests a file-sharing protocol with an unrelated name, another describes a framework for API security, and the last implies email encryption; none capture the role of a trusted IdP issuing SAML assertions to enable SSO across apps.
