SSO: SAML vs LDAP?

I work for a healthcare SaaS company where all of our SSOs use SAML 2.0, and we cannot use LDAP. We have one particular client right now who wants to use ADFS to SSO from their intranet to our site and seems to act as though LDAP is the only option (and that they can't produce SAML assertions for our handshake).

What is the difference between SSO and SAML? What can one accomplish that the other one cannot? Why would my company require SAML over LDAP?

What I'm theorizing from research but am welcoming correction on:

- SAML is safer than LDAP because of authentication/encryption (but I don't know the specifics)

- LDAP is more widely used with companies but SAML is often used with enterprise clients

- LDAP can also be used to control users' access to other programs/sites they have access to (i.e. IT and revoking access to a terminated employee)

Thank you for your help!

Twice answered 29/8, 2018 at 21:24 Comment(2)
Welcome :). I just wanted to drop a line of recommendation that maybe rephrasing the question to be more specific can make it easier for others to help. (Kingfisher)
LDAP is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol SAML is an open standard for exchanging authentication and authorization data between parties using SOAP Messages. en.wikipedia.org/wiki/Security_Assertion_Markup_Language (Incomer)

Using LDAP for authentication requires disclosing the user's credentials at the application. If the application is running in a different administrative domain (i.e. a SaaS app) this is less preferred since the user's credentials end up in a 3rd-party domain.

OTOH SAML allows you to sign in to the application without disclosing the user's credentials to the application itself which offers increased security. It also increases convenience since the user only has to remember one credential.

Isocyanide answered 4/9, 2018 at 7:44 Comment(0)

LDAP is an Identity repository.

SAML is an Identity standard that could use LDAP as the repository. Or it could use something else like AD.

Just a correction - SAML does not use SOAP.

You can configure ADFS 4.0 (Server 2016) to authenticate against an LDAP and ADFS supports SAML.

If ADFS was configured that way, you would use SAML for SSO, authenticate against an LDAP and get a SAML token returned.

Ruisdael answered 30/8, 2018 at 20:29 Comment(0)
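Added example, not code from the question or either answer: the flow the two answers describe, modelled in Go. The IdP (ADFS in the question) performs the bind against its own directory and hands back a signed assertion; the SaaS side validates that assertion with the IdP's public key alone, so the password never reaches the third-party domain. Assumptions: a constructed one-user directory, an Ed25519 signature over a pipe-joined string standing in for XML-DSig over the real SAML XML, and the entity ID https://saas.example/sp.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"time"
)

// Assertion stands in for a SAML assertion: subject, intended audience, expiry.
type Assertion struct {
	Subject, Audience string
	NotOnOrAfter      time.Time
}
// signedBytes is the canonical form the signature covers (an XML-DSig stand-in).
func (a Assertion) signedBytes() []byte {
	return []byte(a.Subject + "|" + a.Audience + "|" + a.NotOnOrAfter.UTC().Format(time.RFC3339))
}
// IdP models ADFS: it owns the directory (the "LDAP") and the signing key.
type IdP struct {
	directory map[string]string // constructed stand-in for the LDAP directory
	priv      ed25519.PrivateKey
}
// Authenticate is the "bind against LDAP" step: only the IdP sees the password.
func (i *IdP) Authenticate(user, password, audience string) (Assertion, []byte, error) {
	if pw, ok := i.directory[user]; !ok || pw != password {
		return Assertion{}, nil, errors.New("bind failed")
	}
	a := Assertion{user, audience, time.Now().Add(5 * time.Minute)}
	return a, ed25519.Sign(i.priv, a.signedBytes()), nil
}
// Consume is the SaaS side: it holds only the IdP's public key and its own
// entity ID, checks signature, audience and expiry, and never sees a password.
func Consume(idpPub ed25519.PublicKey, entityID string, a Assertion, sig []byte, now time.Time) (string, error) {
	if !ed25519.Verify(idpPub, a.signedBytes(), sig) {
		return "", errors.New("signature does not verify")
	}
	if a.Audience != entityID || !now.Before(a.NotOnOrAfter) {
		return "", errors.New("assertion is for another audience or has expired")
	}
	return a.Subject, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	idp := &IdP{map[string]string{"alice": "correct horse"}, priv} // constructed user
	a, sig, _ := idp.Authenticate("alice", "correct horse", "https://saas.example/sp")
	user, err := Consume(pub, "https://saas.example/sp", a, sig, time.Now())
	println(user, err == nil) // alice true
}
```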
