When configuring SAML, which entity holds the responsibility?

In a SAML (Security Assertion Markup Language) authentication process, the customer is typically the entity responsible for configuring SAML settings. This includes defining the identity provider (IdP) that will handle authentication requests and ensuring proper integration within their application environment. Customers need to set up the trust relationship, including exchanging metadata, which typically contains the necessary details for authentication and authorization.

The customer plays a pivotal role as they are responsible for managing their own identity and access management policies. This involves understanding the attributes that need to be shared with the service provider (SP) and ensuring those attributes align with the organization's security requirements. Configuration tasks include specifying URLs for assertion consumer service endpoints, signing certificates, and any necessary claim definitions.

While partners like Tanium may provide guidance and support, and while system administrators often implement the configurations, it is ultimately the customer's responsibility to ensure SAML is set up correctly according to their governance and compliance policies. The network security team may also be involved in ensuring security protocols are upheld, but the foundational SAML configuration lies with the customer.