SAML 2.0 Identity Provider
Enterprise SAML SSO for every application in your stack. Connect any SAML-compatible app to TitaniumVault and give your users seamless, secure single sign-on backed by multi-factor authentication and complete audit logging.
SAML Integration Shouldn't Be This Hard
Organizations struggle with fragmented SAML implementations, inconsistent security policies, and the operational burden of managing SSO across dozens of applications.
Complex Configuration
Each application has its own SAML requirements — different NameID formats, custom attribute mappings, unique entity IDs, and varying assertion consumer service URLs. Managing these configurations across dozens of apps quickly becomes an operational nightmare that consumes engineering time and introduces security risks.
Multi-App Management
As your organization grows, so does your application portfolio. Each new SaaS tool, internal application, and cloud service needs its own SAML integration. Without a centralized identity provider, you end up with siloed user directories, inconsistent access policies, and no unified view of who has access to what.
Security and Compliance
Enterprise security teams need signed assertions, encrypted tokens, MFA enforcement, and complete audit trails for every authentication event. Many SAML solutions treat these as premium features or bolt-on add-ons, leaving organizations exposed to compliance gaps and security vulnerabilities until they upgrade to expensive tiers.
Enterprise SAML Features
Everything you need to deploy SAML SSO across your organization, built into TitaniumVault from day one.
Full SAML 2.0 Identity Provider
TitaniumVault acts as a complete SAML 2.0 IdP, issuing signed SAML assertions that service providers trust for user authentication. Standards-compliant implementation ensures compatibility with any SAML-enabled application.
SP-Initiated and IdP-Initiated SSO
Support both authentication flows out of the box. Users can start from the application and be redirected to TitaniumVault, or start from their TitaniumVault dashboard and launch directly into any connected application.
Flexible Attribute Mapping
Map user attributes from TitaniumVault to the exact SAML attribute names each service provider expects. Configure NameID formats, custom attribute statements, and group membership attributes per application.
Signed and Encrypted Assertions
Every SAML assertion is digitally signed using RSA-SHA256 to prevent tampering. Optional assertion encryption provides an additional layer of security for sensitive environments and compliance requirements.
Organization-Scoped Configuration
Each organization in TitaniumVault maintains its own SAML configurations, IdP metadata, and connected applications. Multi-tenant isolation ensures one organization's SAML settings never affect another.
Audit Trail for Every Authentication
Every SAML authentication event is logged with full detail including the user, service provider, timestamp, IP address, and assertion ID. Organization-scoped audit logs support compliance and security investigations.
How It Works
Get SAML SSO running across your organization in three straightforward steps.
Configure Your IdP
Set up TitaniumVault as your SAML Identity Provider in minutes. Define your organization's authentication policies, MFA requirements, and user attribute mappings. TitaniumVault automatically generates your IdP metadata XML and metadata URL for easy integration.
Integrate Your Applications
Add each service provider by uploading their SAML metadata or entering the ACS URL and Entity ID manually. Configure attribute mapping to send the correct user fields (email, name, groups, roles) that each application expects. Test the integration with a single click.
Authenticate and Manage
Your users authenticate once through TitaniumVault with their credentials and MFA, then access all connected applications without re-entering passwords. Monitor every authentication event in real-time, manage user access with role-based policies, and revoke access instantly when needed.
Why Choose TitaniumVault for SAML SSO
A SAML identity provider built for performance, security, and simplicity.
Standards-Compliant
Full SAML 2.0 specification compliance means TitaniumVault works with any service provider that supports SAML. No proprietary extensions or vendor lock-in.
Thousands of Compatible Apps
Connect Salesforce, AWS, Slack, Zoom, Atlassian, Zendesk, Dropbox, ServiceNow, Workday, and thousands more enterprise applications through standard SAML integration.
Combined with MFA
Every SAML-authenticated session is backed by multi-factor authentication. TOTP, WebAuthn/FIDO2, and hardware security keys ensure strong identity verification before any assertion is issued.
Complete Audit Logging
Every SAML assertion, authentication attempt, and access event is logged and searchable. Meet SOC2, HIPAA, and GDPR compliance requirements with organization-scoped audit trails.
Rust-Powered Performance
Built in Rust for fast, low-latency SAML assertion generation. No garbage collection pauses, no memory safety issues. Your users experience instant authentication even under heavy load.
Generous Free Tier
SAML SSO is included on all plans, including the free tier with up to 5 staff users and 1,000 customer users. No credit card required to get started with enterprise-grade SAML integration.
Complete Protocol Support
TitaniumVault supports SAML alongside other industry-standard protocols for maximum flexibility.
SAML 2.0
Full IdP with SP-initiated and IdP-initiated flows
OAuth 2.0
Authorization code flow with PKCE
OpenID Connect
Standards-compliant OIDC provider
WebAuthn / FIDO2
Passwordless authentication with hardware keys
Frequently Asked Questions
Common questions about TitaniumVault SAML SSO.
What SAML version does TitaniumVault support?
TitaniumVault fully supports the SAML 2.0 specification, the industry standard used by virtually every enterprise application that supports federated single sign-on. This includes both SP-initiated and IdP-initiated authentication flows, signed SAML assertions using RSA-SHA256, encrypted assertions for sensitive environments, and full attribute mapping with customizable attribute statements. TitaniumVault generates compliant SAML metadata that can be imported directly into any SAML-compatible service provider.
Can I use TitaniumVault as a SAML IdP with applications like Salesforce, AWS, or Slack?
Yes. TitaniumVault works as a SAML 2.0 Identity Provider with any application that supports SAML-based single sign-on. This includes Salesforce, AWS Console, Slack, Zoom, Atlassian (Jira and Confluence), Zendesk, Dropbox Business, Box, ServiceNow, Workday, and thousands of other enterprise applications. You configure TitaniumVault as the IdP in each application by providing your SAML metadata URL or uploading the metadata XML, and your users can authenticate through TitaniumVault to access all connected applications.
Does TitaniumVault support both SP-initiated and IdP-initiated SSO?
Yes, TitaniumVault supports both SP-initiated and IdP-initiated SAML SSO flows. In SP-initiated SSO, the user starts at the service provider (the application they want to access) and is redirected to TitaniumVault for authentication before being sent back with a SAML assertion. In IdP-initiated SSO, the user starts at TitaniumVault, selects the application from their dashboard, and is sent directly to the service provider with a valid SAML assertion. Both flows use signed assertions and support configurable session timeouts.
How does SAML SSO work with MFA in TitaniumVault?
TitaniumVault combines SAML SSO with multi-factor authentication seamlessly. When a user authenticates through a SAML flow, they first complete their primary authentication (username and password) and then satisfy any MFA requirements configured for their organization. This includes TOTP (Google Authenticator, Authy), WebAuthn/FIDO2 hardware security keys, and backup recovery codes. MFA policies can be enforced per organization, ensuring that every SAML-authenticated session has gone through strong identity verification before the SAML assertion is issued.
Is there a free tier for SAML SSO?
Yes. TitaniumVault includes SAML SSO functionality on all plans, including the free tier. The free tier supports up to 5 staff users and 1,000 customer users with full access to SAML 2.0 IdP capabilities, MFA, role-based access control, and audit logging. No credit card is required to get started. This means you can configure and test SAML integrations with your applications at no cost, upgrading to a paid plan only when your team or customer base grows beyond the free limits.
Deploy SAML SSO Across Your Organization
Start with TitaniumVault's free tier — up to 5 staff and 1,000 customers with full SAML 2.0 IdP capabilities. No credit card required, no sales call needed. Connect your first application in minutes.