SAML 2.0 supports a variety of different message flows for authentication and authorization. The following diagram illustrates the approach used by Commerce Cloud. It shows the flow of messages when a shopper logs a the Commerce Cloud storefront using storefront SSO. Note that in SAML terminology, Commerce Cloud is referred to as the service provider, while the external system that provides authentication is called the identity provider: