SAML (Security Assertion Markup Language) is the long-established enterprise SSO standard. SAML 2.0 (the current version, published 2005) defines how an identity provider (Okta, Microsoft Entra ID, Ping, OneLogin) authenticates a user and passes a signed assertion to a service provider (your customer portal) without the service provider ever seeing the user’s password.
SAML is universally supported by enterprise identity providers. It’s older than OIDC and more verbose (XML-based), but for B2B customer portals it remains the most-requested SSO protocol because enterprise IT teams already configure SAML for hundreds of other applications.
See our portal authentication guide for SAML implementation patterns.