
SAML Glossary

Key SAML terms and definitions used in Foundry integrations

Overview

SAML uses specialized terminology that can be confusing if you do not work with single sign‑on regularly. This glossary explains common SAML terms and how they are used in the context of Foundry.

For general SAML background, you can reference external resources such as https://developers.onelogin.com/saml. This page focuses specifically on how these terms apply when configuring SAML with Foundry.


Common SAML Terms

SSO (Single Sign‑On)
Allows a user to sign in once and access multiple connected systems, such as Foundry, without logging in again or managing multiple passwords.

SLO (Single Log‑Out)
Allows signing out of one system to trigger sign‑out across all systems in the same SSO session. Foundry supports SLO.

IAM System (Identity and Access Management)
A framework of tools and policies used to manage user identities and access. In SAML setups, this refers to the partner’s identity infrastructure. Common IAM systems include Okta, Microsoft AD FS, PingFederate, and OneLogin.

IdP (Identity Provider)
The system that authenticates users and stores their identities. The IdP is the central hub of a SAML SSO flow. In Foundry, admins configure IdP details such as certificates and identifiers.

SP (Service Provider)
An application, such as Foundry, that relies on the IdP to authenticate users. In many IAM platforms, a service provider may be labeled as an app, relying party trust, or similar term.

SP‑Initiated SSO
An SSO flow that starts from the service provider. In Foundry, this occurs when a user accesses the Foundry login page.

IdP‑Initiated SSO
An SSO flow that starts from the identity provider, typically from an IdP portal that includes a link to Foundry.


Technical SAML Terms

These terms are more commonly used when working with IT, security, or integration teams.

Certificate
A digital credential used to verify the identity of an IdP or SP. Foundry uses an X.509 certificate that may be required during IAM configuration.

Signature
A verification mechanism applied to SAML requests, responses, and metadata. Signatures confirm that messages come from a trusted source. Foundry signs its SAML authorization and logout requests.

Issuer (Entity ID)
Identifies the organization sending a SAML message. The IdP issuer typically matches the Entity ID configured in Foundry.
Foundry Entity ID examples:

  • https://fifoundry.net/{org-slug}/saml/sp
  • https://fifoundry.net/saml/sp (legacy)

Metadata File or Metadata URL
Contains configuration details about an IdP or SP, including endpoints, certificates, and identifiers.

Authorization Request (AuthnRequest)
A request sent by the service provider to the IdP asking to authenticate a user. This occurs during SP‑initiated SSO.

Response
A message sent from the IdP to the SP containing authentication results and user identity data.

Assertion
A component within a SAML response that contains the authenticated user’s identifier and optional attributes.

NameID
The value that uniquely identifies the authenticated user. This is commonly an email address but may also be an employee ID or another unique identifier.

Attribute
Additional user information included in the SAML assertion, such as first name, last name, or employee ID.

ACS (Assertion Consumer Service)
The endpoint URL where Foundry receives SAML responses. This is often referred to as the single sign‑on page.
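
To show where the Response, Assertion, Issuer, NameID, Attribute and ACS terms above sit in a decoded message, the following added Python example (not Foundry's code) parses a constructed, unsigned SAML Response. The hosts, attribute names and the use of the Entity ID as the Audience value are assumptions; it is meant for inspecting a captured response while troubleshooting and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed, unsigned sample with placeholder hosts; not real Foundry or IdP output.
SAMPLE_RESPONSE = """\
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
    Destination="https://sp.example.test/acs">
  <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID>user@example.test</saml:NameID>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://fifoundry.net/{org-slug}/saml/sp</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="employeeId"><saml:AttributeValue>1001</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def summarize_response(xml_text):
    """Map the glossary terms onto a decoded Response (inspection only, no signature check)."""
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)  # direct children of Response only
    if len(assertions) != 1:
        raise ValueError(f"expected exactly one Assertion, found {len(assertions)}")
    a = assertions[0]
    attrs = {
        attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
        for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    return {
        "acs_destination": root.get("Destination"),  # ACS URL the IdP posted to
        "issuer": a.findtext("saml:Issuer", namespaces=NS),  # IdP Entity ID
        "name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "audience": a.findtext(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS),
        "attributes": attrs,
    }
```

Comparing the returned `issuer`, `audience` and `acs_destination` against the values configured on both sides is a quick way to spot an Entity ID or ACS mismatch.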