White Paper

SAML vs OAuth 2.0 vs OpenID Connect

Understanding the differences between the three most common authorisation protocols


The world of Identity and Access Management is ruled by two things: acronyms and standards. In our popular blog post on SAML vs OAuth we compared the two most common authorisation protocols – SAML2 and OAuth 2.0. This white paper extends that comparison to include a third protocol, OpenID Connect. We also touch on the now-obsolete OpenID 2.0 protocol.

In this white paper, you will learn:

  • The version history and background of the three most common authorisation protocols – SAML, OAuth & OpenID
  • Comparisons of the protocols
  • Protocol suitability for certain business needs and best use cases, including enterprise, federation, API authorisation, UMA, Customer SSO, Customer IAM & mobile