Practice this topic in a realistic system design interview
A large company may use dozens of applications: HR tools, CRM systems, internal dashboards, cloud consoles, and more.
If every app manages users separately, things get messy quickly. Employees reuse or forget passwords. IT has to create and disable accounts in many places. One missed account during offboarding can become a security risk.
SAML solves this by moving login to a central Identity Provider. The Identity Provider verifies the user and sends a signed message to the application. The application, called the Service Provider, validates that message, maps the user, and starts its own session.
SAML is older than OpenID Connect, but it is still widely used in enterprise SaaS.
This chapter explains how SAML login works and what a Service Provider must check before trusting it.