SAML now the ID security choice for SaaS vendors

The Security Assertion Markup Language (SAML) has worked its way into the hearts and minds of SaaS providers to such an extent that it is now the dominant form of end user identity management.

A recent survey conducted jointly by identity management tools specialist, OneLogin and the Cloud Security Alliance has found that 67 percent of the SaaS vendors already use SAML today for single sign-on identity management, while 19 percent said they planned to implement SAML within the next 12 months.

Perhaps most telling of all, the survey showed that only 3 percent had no plans to implement the standard.

The findings have been published in OneLogin’s `2014 State of SaaS Identity Management’ survey. This was conducted to better understand the maturity of SaaS vendors in their implementation of identity management solutions, security standards and assurance certifications.

Most notably, the survey results point to the widespread adoption of SAML standards by SaaS vendors for single sign-on identity management, in response to customer demands for fast, simple and secure employee, customer and partner access to applications in their environments.

By eliminating all passwords and instead using digital signatures for authentication and authorisation of data access, SAML has become the Gold Standard for single sign-on into cloud applications. SAML-enabled SaaS applications are easier and quicker to provision  for users working in complex enterprise environments, are more secure, and help simplify identity management across large and diverse user communities.

Other findings in the survey show that 26 percent of respondents cited demand from existing customers as the primary driver behind their SAML adoption, 21 percent cited improved security and compliance, and nearly 22 percent cited quick integration into cloud application ecosystems.

Thirty-seven percent of the SaaS vendors leverage SAML on mobile versions of their apps, and 25 percent use SAML for desktop applications not including a web browser.

“As enterprises adopt more and more cloud-based applications, they need to be able to provision and de-provision both apps and users fast enough to keep up with business requirements, while maintaining tight security and compliance through identity management,” said Jim Reavis, CEO of the Cloud Security Alliance. “Our survey with OneLogin has revealed that SAML is quickly gaining momentum as the standard of choice for SaaS vendors looking to meet their customers’ demands for applications already architected for quick, easy provisioning and secure single sign-on.”

The Cloud Security Alliance is a not-for-profit organisation established to promote best practices in security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.

OneLogin is a longtime supporter of the SAML standard. Its cloud-based solution for single sign-on and enterprise identity management is pre-integrated via SAML with more than 350 enterprise applications, including Dropbox, EMC Syncplicity, Google Apps, NetSuite, Office 365, Salesforce, Workday and Zendesk. In addition, more than 150 SaaS vendors, including Dropbox, have used OneLogin’s free open source SAML Toolkits to SAML-enable their apps.

“When we open sourced our first SAML Toolkit three years ago, it was an attempt to grow the ecosystem by democratising single sign-on and making it available to companies of any size,” said Thomas Pedersen, co-founder and CEO for OneLogin. “This survey shows that SAML is stronger than ever and the momentum is fueled by the realisation that SAML provides a massive security boost by enabling enterprises to control access to their sensitive data.”

An accompanying infographic to this study is available here.