100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Single Sign-On (SSO)

BeginnerConcept8.8K learners

Single Sign-On (SSO) is an authentication scheme that lets a user log in once with a single set of credentials and gain access to multiple independent applications or systems without re-authenticating for each one.

Definition

Single Sign-On (SSO) is an authentication scheme that lets a user log in once with a single set of credentials and gain access to multiple independent applications or systems without re-authenticating for each one.

Overview

Before SSO, users typically needed a separate username and password for every application they used, leading to password reuse, forgotten credentials, and a large attack surface for IT to secure. SSO consolidates authentication into a single identity provider that issues a trusted token after a user logs in once, and downstream applications accept that token instead of asking for credentials again. SSO is typically implemented using open standards such as SAML (Security Assertion Markup Language) or OpenID Connect (built on OAuth 2.0). When a user tries to access an application, they are redirected to the identity provider, prompted to authenticate (often combined with Multi-Factor Authentication (MFA)), and then redirected back with a signed assertion proving their identity. Providers such as Okta, OneLogin, Ping Identity, and JumpCloud specialize in offering this as a managed service. Beyond convenience, SSO is a significant security improvement: it reduces the number of passwords users must remember and reuse, gives IT a single point to enforce strong authentication and revoke access instantly when an employee leaves, and produces centralized audit logs of every login across the organization's application portfolio. It's a foundational component of Identity and Access Management (IAM) programs and a common prerequisite for adopting a Zero Trust security model. Most enterprise SaaS applications now support SSO integration out of the box, and many organizations treat SSO support as a baseline procurement requirement when evaluating new software vendors.

Key Concepts

  • One set of credentials grants access to many connected applications
  • Built on open standards such as SAML and OpenID Connect/OAuth 2.0
  • Centralizes authentication at a single identity provider
  • Simplifies instant access revocation when an employee leaves
  • Commonly paired with MFA for stronger login security
  • Produces centralized audit logs across all connected applications
  • Reduces password fatigue and password-reuse risk for end users

Use Cases

Letting employees log into dozens of SaaS tools with one corporate identity
Enforcing consistent MFA policy across an entire application portfolio
Instantly revoking a departing employee's access to all connected systems
Simplifying compliance audits by centralizing login records
Reducing IT helpdesk tickets related to forgotten passwords
Serving as the authentication backbone for Zero Trust access policies

Frequently Asked Questions

From the Blog