What does SAML do?

SAML stands for Security Assertion Markup Language. It is a standard technology used to exchange authentication and authorisation information between different systems.

In practice, SAML enables Single Sign-On (SSO). This means you can log in once through a central identity provider (IdP) and then access multiple platforms, such as Matomo, WordPress, or a wiki, without needing separate usernames and passwords for each.

How SAML works with Matomo

Before you start, first ensure you have access to the SAML feature. See How do I get SSO with SAML or LDAP in Matomo?

When installed and configured, it lets users sign in to Matomo with their SAML identity provider instead of entering separate Matomo credentials. The SAML deals with security and authentication and requires technical knowledge, so configuration should be done by a system administrator.

The setup process can be summarised as:

1. A system administrator sets up Matomo as a SAML service provider.
2. The administrator configures an identity provider (such as OneLogin, Okta, Active Directory Federation Services, or Google).
3. Matomo and the IdP exchange metadata files to establish trust.
4. Once set up, users can log in to Matomo by selecting the SAML option, and authentication is handled automatically by the IdP.

Why use the Login SAML feature?

The feature offers several benefits for organisations that need a secure and efficient way to manage access across multiple platforms. Learn more about the importance of SSO and its benefits.

The feature also supports just-in-time provisioning, automatically creating Matomo accounts with the right permissions when users log in via SAML.

Explore the Matomo guides to help you get started with using the Login SAML plugin

• Set up login with SAML authentication
• Set Up Azure SSO with LoginSAML
• Set up OneLogin with the LoginSAML