Overview
This guide provides our partners with an overview and understanding of ID.me and the implementation of Security Assertion Markup Language (SAML).
Background information
ID.me is an Identity Verification Network providing a range of identity proofing for Federal, State and Local governments, organizations and commercial sector partners. ID.me is the only Credential Service Provider certified at NIST 800-63-2 LOA 1, 2, and 3, and NIST 800-63-3 IAL2/AAL2.
ID.me’s Identity Gateway platform provides a SAML 2.0 capable IdP service, which supports standardized, signed and encrypted assertions and different attribute bundles. This functionality can be used to enable applications to participate in a federated single sign-on (SSO) relationship with the ID.me network of credentials.
- Security Assertion Markup Language (SAML) is an open standard that lets an identity provider (IdP) pass authentication and attribute assertions about a user to a service provider (SP); the SP makes its own authorization decisions from those assertions
- SAML is an XML-based data format that allows businesses to communicate user authentication and attribute information to partner companies and to the enterprise applications their employees use
- SAML messages are signed with XML Signature and encrypted with XML Encryption; the keys involved are published as X.509 certificates in each party's SAML metadata. The IdP signs with its private key and the SP verifies the signature against the IdP's metadata certificate; an assertion encrypted for the SP is encrypted to the SP's certificate and decrypted with the SP's private key
The ID.me SAML 2.0 IdP supports assertions, protocol bindings and profiles in accordance with the OASIS standard. Supported features include:
- SAML 2.0 assertions and all protocol messages
- SAML 2.0 metadata
- Web Browser SSO profile
- Single Logout profile
- Generation and verification of XML signatures (XML Signature)
- XML encryption and decryption of assertions (XML Encryption)
- HTTP POST and HTTP Redirect bindings
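The two bindings and the checks an SP must run on the assertion it receives are easier to see in code. The following is an added example and not ID.me's own code or API; it uses only the Python standard library, the SP and IdP URLs and entity IDs are assumed placeholders, and the SAML Response it parses is constructed here with a placeholder Signature element. It shows the HTTP-Redirect encoding (raw DEFLATE, base64, URL-encode) used for the AuthnRequest, the HTTP-POST encoding (base64 form field) used for the Response, and the assertion-level checks (status, Destination, InResponseTo, validity window, AudienceRestriction, SubjectConfirmationData) that an SP performs after an XML-DSig library has verified the signature against the IdP's metadata certificate. Cryptographic signature verification is deliberately not implemented here; the code only refuses a response that carries no Signature element at all.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SKEW = timedelta(minutes=3)  # assumed tolerance for IdP/SP clock drift

# Hypothetical SP and IdP identifiers used throughout this example.
SP_ENTITY_ID = "https://sp.example.org/saml/metadata"
ACS_URL = "https://sp.example.org/saml/acs"
IDP_SSO_URL = "https://idp.example.com/saml/sso"


def build_authn_request(request_id, issue_instant):
    """Minimal SP-initiated AuthnRequest (unsigned; sign it if the IdP requires that)."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{ACS_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>"
    )


def redirect_binding_url(request_xml):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode into the query string."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: raw deflate, no zlib header
    raw = comp.compress(request_xml.encode("utf-8")) + comp.flush()
    return IDP_SSO_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(raw).decode("ascii")})


def decode_redirect_request(url):
    """Inverse of redirect_binding_url, i.e. what the IdP does on receipt."""
    qs = parse_qs(urlparse(url).query)
    return zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15).decode("utf-8")


def post_binding_field(response_xml):
    """HTTP-POST binding: base64 only, carried in the SAMLResponse form field."""
    return base64.b64encode(response_xml.encode("utf-8")).decode("ascii")


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def validate_response(saml_response_b64, expected_request_id, now):
    """SP-side checks on a POSTed Response; raises ValueError on any failure.
    Assumes the XML signature was already verified by an XML-DSig library."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError("not a samlp:Response")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("status is not Success")
    if root.get("Destination") != ACS_URL:
        raise ValueError("Destination does not match our ACS URL")
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match an outstanding request")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # reject ambiguity instead of picking one
        raise ValueError("expected exactly one Assertion")
    a = assertions[0]
    if a.find("ds:Signature", NS) is None and root.find("ds:Signature", NS) is None:
        raise ValueError("neither Response nor Assertion is signed")
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions")
    nb, noa = _ts(cond.get("NotBefore")), _ts(cond.get("NotOnOrAfter"))
    if (nb and now < nb - SKEW) or (noa and now >= noa + SKEW):
        raise ValueError("assertion outside its validity window")
    if SP_ENTITY_ID not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        raise ValueError("assertion not addressed to this SP")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != expected_request_id:
        raise ValueError("SubjectConfirmationData mismatch")
    attrs = {attr.get("Name"): [v.text for v in attr.findall("saml:AttributeValue", NS)]
             for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS), "attributes": attrs}


def sample_response(request_id, audience=SP_ENTITY_ID, not_on_or_after="2030-01-01T00:10:00Z"):
    """Constructed sample Response (not real ID.me output); the Signature element is a placeholder."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
  ID="_r1" Version="2.0" IssueInstant="2030-01-01T00:00:00Z" Destination="{ACS_URL}" InResponseTo="{request_id}">
  <saml:Issuer>https://idp.example.com/saml/metadata</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2030-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.com/saml/metadata</saml:Issuer>
    <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>user-1234</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" InResponseTo="{request_id}" NotOnOrAfter="{not_on_or_after}"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2030-01-01T00:00:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@example.org</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
```

The SP keeps the `ID` of every AuthnRequest it issues and passes it as `expected_request_id`; a Response whose `InResponseTo` does not match is treated as unsolicited or replayed and rejected. The skew constant and the placeholder Signature are assumptions of this example; in a real integration the signature check comes first, and an assertion whose Signature element is missing or fails verification never reaches these checks.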
The following diagram shows an overview of the SAML flow. The “SP” in this diagram stands for “Service Provider”, a.k.a the partner.