Difference from OAuth
OAuth is newer, JSON-based, and mobile-first. It is preferred by modern SaaS.
SAML is older (2002), XML-based, and heavy but mature. It is still widely used in enterprise IT.
Often SAML handles user identity while OAuth handles resource access.
Who uses it
Major enterprise SaaS — Salesforce, ServiceNow, Workday — support SAML. Active Directory (Microsoft AD), Okta, and Azure AD generally provide enterprise SSO via SAML.
Onremo currently supports the OAuth 2.0 standard. SAML support is on the roadmap for Enterprise plan users.
Flow
1. The user tries to log in to Salesforce.
2. Salesforce, seeing the user is not yet signed in, redirects to the Identity Provider (Okta).
3. The user signs in to Okta.
4. Okta produces a SAML Assertion and sends it to Salesforce.
5. Salesforce verifies the assertion and admits the user.