SAML authentication overview

When a user asks to connect to a SAML-enabled web application in the User Portal, the traditional SAML roles are these:

  • The principal is the user, who has already been authenticated in the User Portal through CyberArk Identity. The principal uses a web browser (connected to the User Portal) or the mobile application as the user agent to request a web application connection.
  • The identity provider is CyberArk Identity, which provides a SAML assertion that presents the user as an authenticated principal.
  • The service provider is the web application host that receives the SAML assertion and decides whether or not to grant resource access to the principal (the user).