SAML 2.0 is the dominant enterprise web SSO standard — enabling federated authentication between an Identity Provider (IdP) and Service Provider (SP). XML-based assertions contain user identity and attributes.
SAML flow: user accesses SP → redirect to IdP → authenticate → IdP sends signed SAML assertion → SP validates assertion → access granted. IdP = where authentication happens (AD FS, Okta, Azure AD). SP = the application (Salesforce, AWS, ServiceNow).