What is SAML?

If you work at a big company, you probably use Single Sign-On (SSO), so you can log into all your apps with the same corporate account. How does this work? The lingua franca of enterprise SSO is SAML: an XML-based protocol that connects “Identity Providers” (such as Okta, OneLogin, or Microsoft Active Directory, who already know who you are) to “Service Providers” (web apps who need to know who you are to log you in).

Normally, building apps that accept SAML authentication is difficult and messy - but today, we’re making it easy.

The login form for SAML Authentication with Anvil

The easiest way to use SAML auth

Today, we’re launching SAML for Anvil, the easiest way to build apps that use SAML to authenticate their users (that’s “Service Providers” in SAML lingo). Just point Anvil at your IdP, then you can use Anvil’s built-in user authentication! No more worrying about finding the right library for your authentication, or needing to write to XML file formats - it’s as simple as adding a service to your Anvil app.

Anvil already provides several authentication integrations, including Facebook, Google and Microsoft Azure. Now, with SAML Authentication, you can use any SAML Identity Provider to authenticate your app’s users! This new feature is now available to all users on the Business Plan or higher.

Configure once, use everywhere

Anvil’s SAML integration allows you to share your configuration across all your apps, so you don’t have to configure your identity provider to trust each one individually. If you’re building internal tools, this means your SAML setup only needs to be done once, and then using it for every Anvil app you build is as simple as copying the configuration details into a new app. Of course, you can also configure SAML authentication on a per-app basis as well.

How do I use it?

Users Service configuration with SAML Authentication selected and email deselected

Just add the Users to your app, and tick ‘SAML Authentication’. Then configure your identity provider to trust your Anvil app, and vice versa. This is made even easier by the option to download your app’s service provider metadata directly with a single click.

SAML Authentication Service configuration, showing the button to download Service Provider metadata

With that set up, you’re ready to provide your users with a login form! This can sit alongside other authentication options, like the other integrations mentioned above or an email & password identity, but in SAML world, it’s standard to only allow users to authenticate with SAML.

import anvil.saml.auth

class Form1(Form1Template):

  def __init__(self, **properties):
    self.init_components(**properties)
    user = anvil.users.login_with_form()
    print(f"You are logged in as: {user['email']}")
    print(anvil.saml.auth.get_user_attributes())

Now when your users open your app, they’ll be prompted to log in via your SAML identity provider, and the print statements above will print their identity details to the console. SAML authentication has never been easier!

Learn more

Check out our documentation for more information and examples:


Build your own app with Anvil

If you’re new here, welcome! Anvil is a platform for building full-stack web apps with nothing but Python. No need to wrestle with JS, HTML, CSS, Python, SQL and all their frameworks – just build it all in Python.

Want to build an app of your own? Get started with one of our tutorials: