Implementing a standard is hard. Getting customers to adopt a new version of said standard with seemingly little benefit is much harder. Salesforce, like many SaaS apps, uses SAML under the hood for features such as the ability to act as a service provider and an identity provider. Founded in 1999, Salesforce is a full 4 years older than SAML 1.1. That’s a full Olympic cycle older. Back to identity though: this means that, at Salesforce, we need to maintain SAML 1.1 and SAML 2.0 for as long as we have customers using either feature. This also applies to pre-SAML features such as delegated authentication. But what if we could help customers move away from legacy versions of identity standards to newer ones? And so began the journey to help our customers on the path to enlightened SAML 2.0. This presentation will cover the lessons learned, the current state, what’s next for SAML at Salesforce, and what customers should look for when considering a move from SAML to newer standards such as OpenID Connect.