Single Sign-On (SSO)
SSO is an authentication method that lets a user authenticate once, with a single set of credentials, and then access multiple applications or systems without re-entering those credentials. Done properly, it improves both security and user experience.
SSO protocols:
- SAML 2.0: Enterprise standard
- OpenID Connect (OIDC): Modern, API-friendly
- OAuth 2.0: Authorization (often paired with OIDC)

SSO benefits:
- Reduced password fatigue
- Centralized access control
- Consistent MFA enforcement
- Simplified offboarding
- Reduced help desk calls

SSO providers:
- Okta, Microsoft Entra ID, OneLogin
- Google Workspace, Auth0, Ping Identity
SSO + MFA is the recommended combination for enterprise security.
Why It Matters
SSO eliminates the proliferation of passwords across applications, centralizes authentication and MFA enforcement, and simplifies offboarding: when an employee leaves, revoking their SSO access immediately disables access to every connected application. Enterprise customers expect SSO support as a baseline feature, and SaaS companies that offer SSO close enterprise deals faster.
Related Terms
Identity and Access Management (IAM) is a framework of policies and technologies that ensures the right individuals have appropriate access to technology resources at the right times and for the right reasons.
Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide two or more verification factors to gain access, significantly reducing the risk of unauthorized access.
OAuth 2.0 is an authorization framework that enables secure delegated access, allowing users to grant third-party apps limited access to their resources without sharing credentials.
Frequently Asked Questions
Is SSO more or less secure?
More secure when done right. SSO centralizes security controls, enables MFA everywhere, and eliminates weak per-application passwords.
What is the difference between SAML and OIDC?
SAML is an XML-based, older enterprise standard. OIDC is JSON-based, more modern, and better suited to mobile apps and APIs. Both work well for SSO.