SAML Integrations

VTS Activate can display embedded webviews for end users. A webview can be a simple link out, or an authenticated webview that uses the SAML 2.0 standard to authenticate users between products. For third-party integrations, Activate manages authentication via the Identity Provider-Initiated (IdP-Initiated) SAML flow.

In this flow, Activate acts as the IdP and the partner application acts as the service provider (SP). The user does not need to interact with the SP's application to begin the process.

What is SAML?

SAML stands for Security Assertion Markup Language. It is an authentication standard and protocol used for single sign-on (SSO): an XML-based open standard for transferring identity data between two parties, an identity provider (IdP) and a service provider (SP).

Identity provider: verifies the user and asserts the user's identity (usually the Activate side).

Service provider: trusts the identity provider and gives the user access to the necessary resource or function.

The main use case is integrating with a third party to automatically authenticate Activate's users into the third party's system. Given that the user has already signed in to VTS Activate (the identity provider), the user can access service provider resources simply by navigating to a VTS Activate URL that redirects to the service provider's service URL. VTS Activate includes a SAML assertion with the redirect POST request.
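Because the service provider receives this POST without having sent an AuthnRequest, it has no request ID to match the response against. The following is an added example (not VTS or partner code) of the checks an SP can run on the decoded SAMLResponse once a SAML library has verified its XML signature; the issuer, entity ID, ACS URL and sample message are constructed placeholder values.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed values for illustration; real ones come from the exchanged metadata.
IDP_ISSUER = "https://idp.example/saml"
SP_ENTITY_ID = "https://partner.example/saml/metadata"
SP_ACS_URL = "https://partner.example/saml/acs"

# Constructed sample of an unsolicited Response (signature omitted; it is
# assumed to have been verified by a SAML library before these checks run).
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" ID="_r1"
 Version="2.0" Destination="{SP_ACS_URL}">
 <a:Assertion ID="_a1" Version="2.0"><a:Issuer>{IDP_ISSUER}</a:Issuer>
  <a:Subject><a:NameID>user@example.com</a:NameID></a:Subject>
  <a:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <a:AudienceRestriction><a:Audience>{SP_ENTITY_ID}</a:Audience></a:AudienceRestriction>
  </a:Conditions></a:Assertion></p:Response>"""

def _ts(value):
    # Assumes second-precision UTC timestamps, as in the sample above.
    if not value:
        raise ValueError("missing timestamp")
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_unsolicited_response(saml_response_b64, now, seen_ids):
    """Return the NameID if every check passes, else raise ValueError."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    # IdP-initiated: no AuthnRequest was sent, so nothing may claim to answer one.
    if root.get("InResponseTo") is not None:
        raise ValueError("unexpected InResponseTo")
    if root.get("Destination") != SP_ACS_URL:
        raise ValueError("wrong Destination")
    assertion = root.find("a:Assertion", NS)
    if assertion is None or assertion.findtext("a:Issuer", namespaces=NS) != IDP_ISSUER:
        raise ValueError("missing assertion or unknown issuer")
    cond = assertion.find("a:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("outside validity window")
    audiences = [a.text for a in cond.iterfind("a:AudienceRestriction/a:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("assertion not issued for this SP")
    # Without a request ID to match, a one-time-use cache is the replay defence.
    if assertion.get("ID") in seen_ids:
        raise ValueError("assertion replayed")
    seen_ids.add(assertion.get("ID"))
    return assertion.findtext("a:Subject/a:NameID", namespaces=NS)
```

In a real deployment `seen_ids` would be a shared store whose entries expire after the assertion's NotOnOrAfter time.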

Why IdP-initiated SAML?

This flow was chosen to make the experience as smooth as possible for end users while limiting the need to customize standard auth mechanisms.

