What does SAML do?
SAML stands for Security Assertion Markup Language. It is a standard technology used to exchange authentication and authorisation information between different systems.
In practice, SAML enables Single Sign-On (SSO). This means you can log in once through a central identity provider (IdP) and then access multiple platforms, such as Matomo, WordPress, or a wiki, without needing separate usernames and passwords for each.
How SAML works with Matomo
To enable SAML with Matomo, you will need to install and configure the Login SAML plugin. When installed and configured, it lets users sign in to Matomo with their SAML identity provider instead of entering separate Matomo credentials. The SAML plugin deals with security and authentication and requires technical knowledge, so configuration should be done by a system administrator. The setup process can be summarised as:
- A system administrator sets up Matomo as a SAML service provider.
- The administrator configures an identity provider (such as OneLogin, Okta, Active Directory Federation Services, or Google).
- Matomo and the IdP exchange metadata files to establish trust.
- Once set up, users can log in to Matomo by selecting the SAML option, and authentication is handled automatically by the IdP.
Why use the Login SAML plugin?
The plugin offers several advantages for organisations that need a secure and efficient way to manage access across multiple platforms:
- It simplifies logins by reducing the number of credentials users must remember.
- It improves security by centralising authentication and applying stronger password policies at the identity provider level.
- It saves time for organisations with many employees using different platforms.
- It reduces administrative overhead by removing the need to manage individual Matomo accounts and frequent password resets.
- The plugin also supports just-in-time provisioning, automatically creating Matomo accounts with the right permissions when users log in via SAML.
Explore the Matomo guides to help you get started with using the Login SAML plugin.