Introducing SAML

The product called OneSpan Sign provides a complete e-signature platform for the Web, including preparing, distributing, reviewing, signing, and downloading documents.

SAML (Security Assertion Markup Language) is a format for exchanging authentication and authorization data between an Identity Provider and a Service Provider.

To facilitate integration with third-party applications that provide Web SSO (Single Sign-On), OneSpan Sign supports the SAML 2.0 protocol. By performing the procedures listed below, you can:

• Enable "senders" (members of a OneSpan Sign account) to log in to OneSpan Sign using SSO via SAML 2.0 tokens.

• Enable "recipients" (not members of a OneSpan Sign account) to access the Signer Experience using SSO via SAML 2.0 tokens.

SAML logins to OneSpan Sign enable:

• A better User Experience, since users are logged in to OneSpan Sign transparently

• No need for the user to remember a password to log in

• Less time spent re-entering a password

• The option of automatically creating a new sender for the OneSpan Sign account upon a user's very first login to OneSpan Sign. Note that: (1) senders can be created even when multiple accounts have the same Identity Provider; (2) a new sender can be specified as either a Manager or a Member.

• Reduced IT costs (via centrally-managed accounts and credentials)

• "Recipients" to access the Signer Experience in a more secure manner

Regardless of how their account is configured for Single Sign-On Authentication, group signers must always log in to the sender part of the New User Experience before they sign.

Enabling a SAML login to OneSpan Sign generally entails successively performing the following procedures:

1. Getting Started

2. Configuring Your Identity Provider

3. Configuring SAML on your OneSpan Sign Account

4. Testing Your SSO Functionality

The protocol binding for SAML 2.0 is HTTP-Redirect and HTTP-POST.