Relying Party.
In federation, the application or service that relies on an identity provider's authentication, your SaaS is the relying party when it federates to Okta or Google.
The relying-party-validates-everything rule is the operational baseline. Trusting a JWT without verifying the signature, accepting an assertion without checking the audience, or skipping the issuer check, each of these has produced production authentication bypass at named vendors over the last decade.
Common questions
Is the relying party the same as the OAuth client?
What is RP-ID in WebAuthn?
What does a relying party need to validate?
Related terms
In the guides
Enterprise SSO: SAML vs OIDC, and How to Pick
SAML and OIDC are the two protocols that dominate enterprise SSO. A practical comparison, when each is the right answer, and the IdP-side considerations that determine the choice.
WebAuthn Explained: How Passkeys Work Under the Hood
WebAuthn is the W3C browser API that powers passkeys. A practical explanation of registration, assertion, RP-IDs, attestation, and the architecture choices that determine adoption.