EN, Security Boulevard

What is Single Sign-On (SSO)

What is Single Sign-On (SSO)
richard-r.stew…
Fri, 08/22/2025 – 16:53

Single Sign-On (SSO) [GO1] is an authentication model in which a user logs in once with a set of credentials to gain access to multiple applications. It forms a key part of many identity and access management (IAM) systems. Rather than needing a specific username and password for each login, SSO offers single-click access to all authorized tools securely and without redundancy.

For example, take the case of a user logging into a corporate session at the beginning of work hours. As soon as they are authenticated, they can open their email, navigate to a document in cloud storage, look at updates of a project management tool, or look at CRM records without logging in again.

Web SSO is the most common type used in cloud-based enterprise applications, where access to multiple web apps is granted via a single authentication event. Web SSO is the primary focus of this page; however, we will also briefly explore other types of SSO. 

Web SSO (as with any other type of SSO) is possible in the back end because of a federated identity system. A central Identity Provider (IdP) authenticates the user and passes authentication tokens to multiple Service Providers (SPs), such as Salesforce or Slack. These tokens are acceptable proof of identity. Norms such as SAML (Security Assertion Markup Language) and OpenID Connect (OIDC) govern how this data is securely passed on. 

By contrast, the legacy approach (in which each service has its own login) forces users to register and recall a distinct set of login credentials for each application. This usually leads to password fatigue, increased reset requests, and increased risk of credential reuse. From a security standpoint, each additional login represents a potential attack vector. 

Today’s landscape demands better. The shift to cloud-first, remote-enabled work has increased the number of systems employees use daily. Today, SSO goes beyond convenient; it’s becoming essential. 

Other Types of SSO

While Web SSO is the most common, SSO can also take other forms depending on the use case: 

  • Social Login SSO

    […]
    Content was cut in order to protect the source.Please visit the source for the rest of the article.

    This article has been indexed from Security Boulevard

    Read the original article: