[[saml-realm]] === SAML Authentication {security} supports user authentication using SAML Single Sign On. {security} provides this support using the Web Browser SSO profile of the SAML 2.0 protocol. This protocol is specifically designed to support authentication via an interactive web browser, so it does not operate as a standard authentication realm. Instead, {security} provides features in {kib} and {es} that work together to enable interactive SAML sessions. This means that the SAML realm is not suitable for use by standard REST clients. If you configure a SAML realm for use in {kib}, you should also configure another realm, such as the <> in your authentication chain. In order to simplify the process of configuring SAML authentication within the Elastic Stack, there is a step-by-step guide to <>. The remainder of this document will describe {es} specific configuration options for SAML realms. [[saml-settings]] ==== SAML Realm Settings See {ref}/security-settings.html#ref-saml-settings[SAML Realm Settings]. ===== SAML Realm Signing Settings See {ref}/security-settings.html#ref-saml-signing-settings[SAML Realm Signing Settings]. ===== SAML Realm Encryption Settings See {ref}/security-settings.html#ref-saml-encryption-settings[SAML Realm Encryption Settings]. ===== SAML Realm SSL Settings See {ref}/security-settings.html#ref-saml-ssl-settings[SAML Realm SSL Settings].