Security Assertion Markup Language (SAML) and OpenID Connect (OIDC) are the two supported protocols for SSO integration in Glean.
Single Sign-On (SSO) is a fundamental feature for enhancing enterprise security and user experience, enabling employees to access multiple corporate applications securely with a single set of credentials. Glean supports both SAML and OIDC protocols for SSO integration, with OIDC being the preferred option due to its modern architecture, fine-grained control over permissions, and efficient directory information synchronization. Most SSO and Identity Providers (IdPs), including Microsoft Entra ID, Okta, and Google Workspace, support both protocols when setting up SSO.
SAML is an XML-based standard for securely exchanging authentication and authorization data between IdPs and service providers. It is particularly suited for enterprise environments due to its robustness and comprehensive control over authentication and authorization processes.
Compatibility: SAML has a long-standing presence and is often the default or only supported protocol for older systems and applications.
Established Trust Framework: SAML is prevalent in sectors with existing federations or trust frameworks, making it a straightforward choice for entities needing to participate in these ecosystems.
OIDC, built on the OAuth 2.0 framework, adds an authentication layer, facilitating user identity verification using JSON Web Tokens (JWT) for secure user information transfer.
SAML
Updates directory information from the SAML assertion, which is only refreshed upon user login or re-authentication, potentially leading to delays in reflecting changes.
OIDC
Allows for asynchronous data synchronization based on granted permissions, enabling continuous updates without requiring user re-authentication, so that data remains current and accurate.
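The freshness difference above comes down to when the identity data was captured: SAML attributes are stamped at the assertion's AuthnInstant and ID token claims at the token's iat, and neither changes until the user authenticates again. The following added example (not Glean's code; the assertion and token are constructed samples, and the ID token's signature is deliberately not verified) parses both formats and measures how old the directory snapshot they carry is, which is the number a defender would watch when deciding whether to rely on the token or re-sync from the directory.

```python
import base64
import json
import xml.etree.ElementTree as ET  # use defusedxml for untrusted XML in production
from datetime import datetime, timezone

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment; not from Glean or any real IdP.
SAMPLE_SAML = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2024-01-15T08:00:00Z"/>
  <saml:AttributeStatement>
    <saml:Attribute Name="department">
      <saml:AttributeValue>Finance</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample ID token (header.payload.signature); the signature is a placeholder.
SAMPLE_ID_TOKEN = ".".join([
    _b64url(b'{"alg":"RS256","typ":"JWT"}'),
    _b64url(json.dumps({"iss": "https://idp.example", "sub": "u123",
                        "iat": 1705305600, "department": "Finance"}).encode()),
    "signature-placeholder",
])


def saml_snapshot(xml_text):
    """Attributes in a SAML assertion are a snapshot taken at AuthnInstant."""
    root = ET.fromstring(xml_text)
    authn = root.find("saml:AuthnStatement", SAML_NS).get("AuthnInstant")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=SAML_NS)
             for a in root.iterfind(".//saml:Attribute", SAML_NS)}
    return attrs, datetime.fromisoformat(authn.replace("Z", "+00:00"))


def oidc_snapshot(id_token):
    """Claims in an ID token are a snapshot taken at 'iat'.

    Only the payload is decoded; a real relying party verifies the signature
    against the IdP's JWKS before trusting any claim.
    """
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return claims, datetime.fromtimestamp(claims["iat"], tz=timezone.utc)


def snapshot_age_hours(snapshot_time, now):
    """Hours since the identity data in the token was captured at the IdP."""
    return (now - snapshot_time).total_seconds() / 3600
```

With OIDC the age is what a directory sync using the granted permissions would bring back to zero without a new login; with SAML it only resets at the next authentication.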
While both SAML and OIDC are valuable in the enterprise SSO landscape, OIDC’s detailed permission controls make it Glean’s preferred option for organizations to integrate with the platform.