For SAML 2.0 single sign-on (SSO) connections, you can choose to encrypt entire assertions or individual user attributes, including the user's name identifier. You can use signature verification and signing keys to encrypt and decrypt messages, respectively.