Last modified: 2024-04-12

Single Sign-On Authentication Using SAML

The product called OneSpan Sign provides a complete e-signature platform for the Web, including preparing, distributing, reviewing, signing, and downloading documents.

SAML (Security Assertion Markup Language) is a format for exchanging authentication and authorization data between an Identity Provider and a Service Provider.

To facilitate integration with third-party applications that provide Web SSO (Single Sign-On), OneSpan Sign supports the SAML 2.0 protocol. By performing the procedures listed below, you can:

  • Enable "senders" (members of a OneSpan Sign account) to log in to OneSpan Sign using SSO via SAML 2.0 tokens.
  • Enable "recipients" (not members of a OneSpan Sign account) to access the Signer Experience using SSO via SAML 2.0 tokens.

SAML logins to OneSpan Sign enable:

  • A better User Experience, since users are logged in to OneSpan Sign transparently
  • No need for the user to remember a password to log in
  • Less time spent re-entering a password
  • The option of automatically creating a new sender for the OneSpan Sign account upon a user's very first login to OneSpan Sign. Note that: (1) senders can be created even when multiple accounts have the same Identity Provider; (2) a new sender can be specified as either a Manager or a Member.
  • Reduced IT costs (via centrally-managed accounts and credentials)
  • "Recipients" to access the Signer Experience in a more secure manner

Regardless of how their account is configured for Single Sign-On Authentication, group signers must always log in to the sender part of the New User Experience before they sign.

Enabling a SAML login to OneSpan Sign generally entails successively performing the following procedures:

  1. Getting Started
  2. Configuring Your Identity Provider
  3. Configuring SAML on your OneSpan Sign Account
  4. Testing Your SSO Functionality

The protocol binding for SAML 2.0 is HTTP-Redirect and HTTP-POST.

Was this information helpful?