Single Sign‑On (SSO)
Home /
Glossary Index /
Alphabet S
What is Single Sign‑On (SSO)?
Single Sign‑On (SSO) is an authentication method that allows users to log in once with a single set of credentials and gain secure access to multiple applications and services without re‑authenticating.
How SSO Works
SSO relies on a trust relationship between three components:
- Identity Provider (IdP): The service that authenticates users (e.g., Okta, Azure AD, Google Identity).
- Service Providers (SPs): The applications users want to access (e.g., Salesforce, Zoom, Slack).
- Authentication protocols: Standards like SAML, OAuth, and OpenID Connect that enable secure communication.
Security Benefits of SSO
- Fewer passwords: Users manage a single strong password instead of 30+ weak, reused ones.
- Reduced attack surface: Fewer credentials mean fewer opportunities for credential harvesting.
- Centralized access revocation: Disabling one account in the IdP blocks access to all linked applications instantly.
- Simplified MFA deployment: Configure MFA once at the IdP level, protecting all down-stream applications.
The Concentration Risk Problem
SSO creates a single point of failure. If an attacker compromises a user’s SSO credentials, they gain access to every application that user can reach. Therefore, pairing SSO with Multi‑Factor Authentication (MFA) is mandatory.