What must users do to access data through SAML?

To access data through SAML (Security Assertion Markup Language), users must authenticate once via the identity provider. This approach leverages a single sign-on (SSO) mechanism, which allows users to log in to the identity provider once, and then gain access to multiple services and applications without needing to log in again for each one. This streamlines the user experience and enhances security by centralizing the authentication process.

In a SAML authentication process, when users attempt to access a service, they are redirected to the identity provider’s login page. After successfully entering their credentials, the identity provider generates a security token that confirms their identity and, importantly, allows them access to various applications that trust that identity provider. This minimizes the need for separate credentials for each system and reduces administrative overhead related to password management.

Other options, while relevant in other contexts, do not align with the SAML protocol’s purpose and functionality. For example, logging into multiple systems defeats the purpose of SSO, submitting a request for access relates to systems that may require explicit permissions that are outside the scope of SAML's primary function, and regularly changing passwords is more of a security policy guideline rather than a requirement specific to SAML authentication.