Single Sign-On Authentication Using SAML
The product called OneSpan Sign provides a complete e-signature platform for the Web, including preparing, distributing, reviewing, signing, and downloading documents.
SAML (Security Assertion Markup Language) is a format for exchanging authentication and authorization data between an Identity Provider and a Service Provider.
To facilitate integration with third-party applications that provide Web SSO (Single Sign-On), OneSpan Sign supports the SAML 2.0 protocol. By performing the procedures listed below, you can:
- Enable "senders" (members of a OneSpan Sign account) to log in to OneSpan Sign using SSO via SAML 2.0 tokens.
- Enable "recipients" (not members of a OneSpan Sign account) to access the Signer Experience using SSO via SAML 2.0 tokens.
SAML logins to OneSpan Sign enable:
- A better User Experience, since users are logged in to OneSpan Sign transparently
- No need for the user to remember a password to log in
- Less time spent re-entering a password
- The option of automatically creating a new sender for the OneSpan Sign account upon a user's very first login to OneSpan Sign. Note that: (1) senders can be created even when multiple accounts have the same Identity Provider; (2) a new sender can be specified as either a Manager or a Member.
- Reduced IT costs (via centrally-managed accounts and credentials)
- "Recipients" to access the Signer Experience in a more secure manner
Regardless of how their account is configured for Single Sign-On Authentication, group signers must always log in to the sender part of the New User Experience before they sign.
Enabling a SAML login to OneSpan Sign generally entails performing the following procedures in order:
- Getting Started
- Configuring Your Identity Provider
- Configuring SAML on your OneSpan Sign Account
- Testing Your SSO Functionality
The protocol bindings for SAML 2.0 are HTTP-Redirect and HTTP-POST.
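When testing SSO it helps to decode the SAML message captured from the browser, and the two bindings encode it differently: HTTP-Redirect carries a raw-DEFLATE, base64, URL-encoded query parameter, while HTTP-POST carries plain base64 in a form field. The sketch below is an added example, not OneSpan code; the sample message, its URLs, the size limit and all function names are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

MAX_XML = 256 * 1024  # assumed cap on inflated size, guards against deflate bombs
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample AuthnRequest; IDs and URLs are placeholders.
SAMPLE = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1" '
          b'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
          b'Destination="https://idp.example.test/sso">'
          b'<saml:Issuer>https://sp.example.test</saml:Issuer></samlp:AuthnRequest>')

def encode_redirect(xml: bytes) -> str:
    """HTTP-Redirect: raw DEFLATE (no zlib header), base64, then URL-encoding."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = c.compress(xml) + c.flush()
    return urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})

def decode_redirect(query: str) -> bytes:
    """Reverse encode_redirect, refusing truncated or oversized streams."""
    value = parse_qs(query)["SAMLRequest"][0]
    d = zlib.decompressobj(-15)
    xml = d.decompress(base64.b64decode(value), MAX_XML)
    if not d.eof:
        raise ValueError("message truncated or larger than MAX_XML")
    return xml

def encode_post(xml: bytes) -> str:
    """HTTP-POST: base64 only; the value travels in a hidden form field."""
    return base64.b64encode(xml).decode()

def decode_post(value: str) -> bytes:
    return base64.b64decode(value)

def summarize(xml: bytes) -> dict:
    """Pull out the fields worth checking against the IdP/SP configuration."""
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTDs are not expected in SAML messages")
    root = ET.fromstring(xml)
    issuer = root.find("saml:Issuer", NS)
    return {"type": root.tag.split("}")[-1], "id": root.get("ID"),
            "destination": root.get("Destination"),
            "issuer": issuer.text if issuer is not None else None}

if __name__ == "__main__":
    print(summarize(decode_redirect(encode_redirect(SAMPLE))))
    print(summarize(decode_post(encode_post(SAMPLE))))
```

Decoding only shows what was sent; it does not validate signatures, so use it for troubleshooting configuration mismatches rather than for trust decisions.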