{"id":60307,"date":"2022-03-16T11:00:00","date_gmt":"2022-03-16T15:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=60307"},"modified":"2023-05-23T13:25:15","modified_gmt":"2023-05-23T17:25:15","slug":"saml-vs-openid","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid","title":{"rendered":"SAML vs. OpenID (OIDC)"},"content":{"rendered":"\n<p>There\u2019s a small universe of identity and authentication protocols\/standards, each with its own benefits and differences. This article explores how SAML and OpenID Connect (OIDC) compare, the scenarios where either protocol would be beneficial for your organization, and how each contributes to identity and access management (IAM). Each approach will enable single sign-on (SSO), but there are distinct technical and ideological differences to assess before you begin your project: SAML is more specialized toward securely granting website access across domains while OIDC provides additional context for mobile and web applications.<\/p>\n\n\n\n<figure class=\"image is-16by9\">\n<iframe class=\"has-ratio\" width=\"300\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/A7GVeqFvqFM?rel=0\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen=\"\"><\/iframe>\n<\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">SAML vs. OpenID (OIDC)&nbsp;<\/h2>\n\n\n\n<p>This article could simply offer a comparison between <a href=\"https:\/\/jumpcloud.com\/blog\/what-is-saml\">Security Assertion Markup Language (SAML 2.0)<\/a> and <a href=\"https:\/\/jumpcloud.com\/blog\/oauth-what-is\">OAuth<\/a> (Open Authorization). OAuth is the foundation for OIDC, but OIDC extends the former with an identity layer to authenticate your existing user accounts using a decentralized service that\u2019s operated by the not-for-profit OpenID Foundation. The open source community initiated OpenID\u2019s development in 2005 with the objective that identities should be decentralized and not owned by a third party. There\u2019s now over one billion OpenID-enabled user accounts from over 50,000 websites, according to the foundation. It\u2019s the steward of the infrastructure that supports OIDC authentication, its community, and any legal or governance operations.&nbsp;<\/p>\n\n\n\n<p>SAML 2.0, on the other hand, is an open standard that has provided authentication and authorization between commercial and private identity providers (IdP) and service providers (SP) since 2003. It began as a way to implement SSO using an XML based framework to allow identity providers and services to exist separately from one another, with centralized user management. Let\u2019s begin by examining how SAML works, exploring it component by component.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"692\" height=\"390\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/05\/1.2-27.png\" alt=\"\" class=\"wp-image-63692\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/1.2-27.png 692w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/1.2-27-300x169.png 300w\" sizes=\"(max-width: 692px) 100vw, 692px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">How SAML Works<\/h2>\n\n\n\n<p>SAML is an open standard for authentication (and authorization, if required) that provides SSO access to web applications through <a href=\"https:\/\/jumpcloud.com\/blog\/identity-federation-services\">identity federation<\/a>. SAML relays user credentials from an IdP that owns and maintains identities to verify access rights and SPs. Service providers require authentication prior to granting users access to the resource. Each user (or group) has attributes that outline profile information and assert what exactly they\u2019re authorized to access.<\/p>\n\n\n\n<p>SAML uses extensible markup language (XML) metadata documents (SAML tokens) for an assertion process to verify a user\u2019s identity and access privileges.<\/p>\n\n\n\n<p>Developers use SAML plugins within apps or resources for an SSO login experience that assures security practices are being followed and credentials\/assertions determine who can access an application. Additionally, SAML can be used to control what resources an identity can access in an application.&nbsp;<\/p>\n\n\n\n<p>SAML is comprised of several core components that make it possible to exchange user information for access control, including IdP, client, attributes, to the SP.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Identity Provider (IdP)<\/h3>\n\n\n\n<p>An IdP is a service that maintains and manages digital identities to verify user credentials throughout applications, networks, and web services. It\u2019s primary role is to safeguard the integrity of user credentials and federate user identity where SSO logins are desired.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Client<\/h3>\n\n\n\n<p>Clients are your users who will authenticate into a service using the credentials that are being managed by an IdP. For example, your employer may use SAML for SSO access into the services that you need to work, using your company email address and password.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Attribute<\/h3>\n\n\n\n<p>SAML transfers messages, called assertions, from an IdP to a service provider. These assertions set all relevant security requirements for the transaction by authenticating, authorizing, and determining the level of permissions a client will receive. Attributes such as \u201cdept,\u201d \u201cemail,\u201d and \u201crole,\u201d are used to enforce access management and access control. Sometimes, custom attributes are used so that SAML can be extended for use with custom software.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Service Provider (SP)<\/h3>\n\n\n\n<p>Service providers are a resource that users authenticate into using SAML SSO, usually a private website or application. They receive, accept, or deny assertions from IdPs for each client profile prior to granting users access. SPs send requests to IdPs to begin the authentication process, and the client\u2019s assertion is received in response. The process is sometimes reversed when an IdP initiates the sign-in flow to assert user identity. It can be initiated either way.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How OIDC Works<\/h2>\n\n\n\n<p>OIDC extends the OAuth protocol so that client services (your applications) verify user identities and exchange profile information through OpenID providers via RESTful APIs that dispatch JSON web tokens (JWTs) to share information during the authentication process. The providers are essentially authentication servers. Many developers are attracted to this approach because it\u2019s highly scalable, flexible across platforms, and is relatively simple to implement. Its main components are a unique user ID workflow with OAuth underpinnings.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">User Authentication<\/h3>\n\n\n\n<p>A resource owner (your users) authenticates and is authorized to access a client application by way of an authorization server that grants an access token that allows apps to receive consented information from a UserInfo endpoint. A UserInfo endpoint is a protected resource found on an OpenID server that contains claims (assertions) about each user in a JSON object. Authentication information is then encoded within an ID Token that\u2019s received by the app. This information is cached for scalable performance and personalizes the end-user experience.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"692\" height=\"590\" src=\"https:\/\/jumpcloud.com\/\/wp-content\/uploads\/2022\/05\/2.2-22.png\" alt=\"\" class=\"wp-image-63693\" srcset=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/2.2-22.png 692w, https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/05\/2.2-22-300x256.png 300w\" sizes=\"(max-width: 692px) 100vw, 692px\" \/><figcaption class=\"wp-element-caption\"><em>Source: OpenID Foundation<\/em><\/figcaption><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Built on OAuth 2.0 Protocol<\/h3>\n\n\n\n<p>OIDC is built on top of the OAuth 2.0 framework, which is a standard that grants third-party apps and service access to user ID resources. No user credentials are sent over the wire or stored on third-party servers, which increases security and ease of use for IT administrators.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Similarities<\/h2>\n\n\n\n<ul>\n<li>Both frameworks are identity protocols that make SSO possible.<\/li>\n\n\n\n<li>Both frameworks are secure, well-documented, and mature.<\/li>\n\n\n\n<li>Users authenticate via an IdP, typically once, and then can access other applications that \u201ctrust\u201d the IdP. Some Zero Trust services will authenticate at each point down the chain and periodically verify access using another authentication method.<\/li>\n\n\n\n<li>The login workflow appears very similar to the end user, who doesn\u2019t have any visibility into the various technical differences that occur behind the scenes.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Differences<\/h2>\n\n\n\n<ul>\n<li>Many developers believe that OpenID Connect is simpler to implement because there\u2019s no XML handling.<\/li>\n\n\n\n<li>OpenID lacks user authorization data (such as permissions) and focuses primarily on identity assertion. SAML is an identity data exchange and is very feature-rich.<\/li>\n\n\n\n<li>Authentication is decentralized with OpenID.<\/li>\n\n\n\n<li><a href=\"https:\/\/jumpcloud.com\/blog\/what-is-saml-assertion\">SAML uses assertions<\/a> versus the OpenID and OAuth architecture of ID tokens.<\/li>\n\n\n\n<li>OIDC is designed for API workloads and can be used to secure APIs.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Use Cases<\/h2>\n\n\n\n<p>Developers and IT organizations should select the solution that works best for their particular use case(s). However, it\u2019s sometimes possible to utilize more than one simultaneously. Regardless, use cases have developed organically with OIDC being utilized for back channel web and mobile applications that request access tokens.&nbsp;<\/p>\n\n\n\n<p>SAML is nearly always used for front channel website access where users are the ones who are triggering the app to authenticate. The latter assumes that client applications (a web service) are operating from separate devices than the resource owner (you). Below are some general guidelines for use cases:<\/p>\n\n\n\n<ul>\n<li>A mobile app typically uses a service such as OIDC, because it\u2019s lighter weight, and many of the facilities that developers use are pre-built or available from add-on libraries.<\/li>\n\n\n\n<li>Apps that have SAML built-in are a no-brainer, just use SAML.<\/li>\n\n\n\n<li>Use SAML for accessing enterprise apps via a portal.<\/li>\n\n\n\n<li>Protecting APIs or exposing APIs are services that will require OAuth 2.0 or OIDC.<\/li>\n\n\n\n<li>Enterprises sometimes favor SAML due to its capacity for customization and prioritization of secure data exchange. Regulated industries should almost always opt for SAML to protect sensitive user information.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Using OIDC and SAML Together<\/h3>\n\n\n\n<p>These protocols aren\u2019t mutually exclusive. Consider using SAML for enterprise SSO to secure access to your organization\u2019s resources and OIDC for mobile use cases that have high scalability requirements. Each has its own inherent advantages and either can provide SSO services.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Learn More<\/h2>\n\n\n\n<p>If you\u2019d like to learn more about how to combine the best of both worlds, using SAML and OIDC, please<a href=\"https:\/\/jumpcloud.com\/contact\"> contact us<\/a>. The JumpCloud platform utilizes user attributes to make smart group membership suggestions, and much more. You can also explore what JumpCloud has to offer by scheduling a <a href=\"https:\/\/jumpcloud.com\/demo\">free personalized demo<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There\u2019s a small universe of identity and auth standards, with their own benefits. This article explores how SAML and OpenID Connect (OIDC) compare.<\/p>\n","protected":false},"author":150,"featured_media":60310,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","inline_featured_image":false,"footnotes":""},"categories":[2781,2337],"tags":[2699,2700,2395,2392,2391],"collection":[2779,2780],"platform":[],"funnel_stage":[3016],"coauthors":[2535],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v22.9 (Yoast SEO v22.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SAML vs. OpenID (OIDC) - JumpCloud<\/title>\n<meta name=\"description\" content=\"The universe of identity and auth standards is small, and each has its merits. In this JumpCloud blog, we compare SAML vs OpenID and discuss use cases.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAML vs. OpenID (OIDC)\" \/>\n<meta property=\"og:description\" content=\"The universe of identity and auth standards is small, and each has its merits. In this JumpCloud blog, we compare SAML vs OpenID and discuss use cases.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid\" \/>\n<meta property=\"og:site_name\" content=\"JumpCloud\" \/>\n<meta property=\"article:published_time\" content=\"2022-03-16T15:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-23T17:25:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"853\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"David Worthington\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"David Worthington\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#article\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid\"},\"author\":{\"name\":\"David Worthington\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\"},\"headline\":\"SAML vs. OpenID (OIDC)\",\"datePublished\":\"2022-03-16T15:00:00+00:00\",\"dateModified\":\"2023-05-23T17:25:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid\"},\"wordCount\":1354,\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png\",\"keywords\":[\"OIDC\",\"OpenID\",\"SAML\",\"single sign-on\",\"SSO\"],\"articleSection\":[\"How-To\",\"Remote Work\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid\",\"url\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid\",\"name\":\"SAML vs. OpenID (OIDC) - JumpCloud\",\"isPartOf\":{\"@id\":\"https:\/\/jumpcloud.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#primaryimage\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#primaryimage\"},\"thumbnailUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png\",\"datePublished\":\"2022-03-16T15:00:00+00:00\",\"dateModified\":\"2023-05-23T17:25:15+00:00\",\"description\":\"The universe of identity and auth standards is small, and each has its merits. In this JumpCloud blog, we compare SAML vs OpenID and discuss use cases.\",\"breadcrumb\":{\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#primaryimage\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png\",\"width\":1280,\"height\":853},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/jumpcloud.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAML vs. OpenID (OIDC)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/jumpcloud.com\/#website\",\"url\":\"https:\/\/jumpcloud.com\/\",\"name\":\"JumpCloud\",\"description\":\"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.\",\"publisher\":{\"@id\":\"https:\/\/jumpcloud.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/jumpcloud.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/jumpcloud.com\/#organization\",\"name\":\"JumpCloud\",\"url\":\"https:\/\/jumpcloud.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"contentUrl\":\"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png\",\"width\":598,\"height\":101,\"caption\":\"JumpCloud\"},\"image\":{\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e\",\"name\":\"David Worthington\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g\",\"caption\":\"David Worthington\"},\"description\":\"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.\",\"sameAs\":[\"https:\/\/jumpcloud.com\/blog\",\"david.worthington@jumpcloud.com\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SAML vs. OpenID (OIDC) - JumpCloud","description":"The universe of identity and auth standards is small, and each has its merits. In this JumpCloud blog, we compare SAML vs OpenID and discuss use cases.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid","og_locale":"en_US","og_type":"article","og_title":"SAML vs. OpenID (OIDC)","og_description":"The universe of identity and auth standards is small, and each has its merits. In this JumpCloud blog, we compare SAML vs OpenID and discuss use cases.","og_url":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid","og_site_name":"JumpCloud","article_published_time":"2022-03-16T15:00:00+00:00","article_modified_time":"2023-05-23T17:25:15+00:00","og_image":[{"width":1280,"height":853,"url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png","type":"image\/png"}],"author":"David Worthington","twitter_card":"summary_large_image","twitter_misc":{"Written by":"David Worthington","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#article","isPartOf":{"@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid"},"author":{"name":"David Worthington","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e"},"headline":"SAML vs. OpenID (OIDC)","datePublished":"2022-03-16T15:00:00+00:00","dateModified":"2023-05-23T17:25:15+00:00","mainEntityOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid"},"wordCount":1354,"publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png","keywords":["OIDC","OpenID","SAML","single sign-on","SSO"],"articleSection":["How-To","Remote Work"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid","url":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid","name":"SAML vs. OpenID (OIDC) - JumpCloud","isPartOf":{"@id":"https:\/\/jumpcloud.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#primaryimage"},"image":{"@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#primaryimage"},"thumbnailUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png","datePublished":"2022-03-16T15:00:00+00:00","dateModified":"2023-05-23T17:25:15+00:00","description":"The universe of identity and auth standards is small, and each has its merits. In this JumpCloud blog, we compare SAML vs OpenID and discuss use cases.","breadcrumb":{"@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/jumpcloud.com\/blog\/saml-vs-openid"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#primaryimage","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2022\/03\/smartphone-5437654_1280.png","width":1280,"height":853},{"@type":"BreadcrumbList","@id":"https:\/\/jumpcloud.com\/blog\/saml-vs-openid#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/jumpcloud.com\/"},{"@type":"ListItem","position":2,"name":"SAML vs. OpenID (OIDC)"}]},{"@type":"WebSite","@id":"https:\/\/jumpcloud.com\/#website","url":"https:\/\/jumpcloud.com\/","name":"JumpCloud","description":"Daily insights on directory services, IAM, LDAP, identity security, SSO, system management (Mac, Windows, Linux), networking, and the cloud.","publisher":{"@id":"https:\/\/jumpcloud.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/jumpcloud.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/jumpcloud.com\/#organization","name":"JumpCloud","url":"https:\/\/jumpcloud.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/","url":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","contentUrl":"https:\/\/jumpcloud.com\/wp-content\/uploads\/2021\/01\/jc-logo-brand-2021.png","width":598,"height":101,"caption":"JumpCloud"},"image":{"@id":"https:\/\/jumpcloud.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/185ca12034835ee50ee17b100abdfb2e","name":"David Worthington","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/jumpcloud.com\/#\/schema\/person\/image\/d9acf1381c6e5b50c0f50d47b7b05411","url":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a6dde901b469c9005c22973e42038d62?s=96&d=mm&r=g","caption":"David Worthington"},"description":"I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.","sameAs":["https:\/\/jumpcloud.com\/blog","david.worthington@jumpcloud.com"]}]}},"_links":{"self":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/60307"}],"collection":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/users\/150"}],"replies":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/comments?post=60307"}],"version-history":[{"count":2,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/60307\/revisions"}],"predecessor-version":[{"id":88162,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/posts\/60307\/revisions\/88162"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media\/60310"}],"wp:attachment":[{"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/media?parent=60307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/categories?post=60307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/tags?post=60307"},{"taxonomy":"collection","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/collection?post=60307"},{"taxonomy":"platform","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/platform?post=60307"},{"taxonomy":"funnel_stage","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/funnel_stage?post=60307"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/jumpcloud.com\/wp-json\/wp\/v2\/coauthors?post=60307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}