What Is SSO?
Single Sign-On
Single Sign-On (SSO) lets users authenticate once and access multiple applications without logging in again. Sign into your Google account and you're automatically logged into Gmail, YouTube, Google Docs, and Google Cloud. SSO uses protocols like SAML, OpenID Connect, or OAuth.
How SSO Works
Enterprise SSO: employees sign in to Okta/Azure AD once at 9 AM. They access Slack, Jira, GitHub, and AWS throughout the day without additional logins. IT manages one identity — disable the Okta account and access to all apps is revoked instantly.
Key Concepts
- Identity Provider (IdP) — The central service that authenticates users — Okta, Azure AD, Auth0, Google
- Service Provider (SP) — The application that relies on the IdP for authentication — Slack, Jira, your app
- SAML — XML-based SSO protocol common in enterprises — exchanges authentication assertions between IdP and SP
Frequently Asked Questions
SSO vs OAuth?
SSO is the concept (one login, many apps). OAuth is a protocol often used to implement SSO. OpenID Connect (built on OAuth) is the modern standard for SSO in web apps.