What Is Single Sign-On (SSO)? (2024)

Single sign-on (SSO) is a user authentication tool that enables users to securely access multiple applications and services using just one set of credentials. Whether your workday relies on Slack, Asana, Google Workspace, or Zoom, SSO provides you with a pop-up widget or login page with just one password that gives you access to every integrated app. Instead of twelve passwords in a day, SSO securely ensures you only need one.

Single sign-on puts an end to the days of remembering and entering multiple passwords, and it eliminates the frustration of having to reset forgotten passwords. Users can also access a range of platforms and apps without having to log in each time.

How does SSO work?

SSO is built on the concept of federated identity, which is the sharing of identity attributes across trusted but autonomous systems. When a user is trusted by one system, they are automatically granted access to all others that have established a trusted relationship with it. This provides the basis for modern SSO solutions, which are enabled through protocols like OpenID Connect and SAML 2.0.

When a user signs in to a service with their SSO login, an authentication token is created and stored either in their browser or in the SSO solution’s servers. Any app or website the user subsequently accesses will check with the SSO service, which then sends the user’s token to confirm their identity and provide them with access.

Types of SSO

There are a variety of protocols and standards to be aware of when identifying and working with SSO. These include:

  • Security Access Markup Language (SAML): SAML is an open standard that encodes text into machine language and enables the exchange of identification information. It has become one of the core standards for SSO and is used to help application providers ensure their authentication requests are appropriate. SAML 2.0 is specifically optimized for use in web applications, which enables information to be transmitted through a web browser
  • Open Authorisation (OAuth): OAuth is an open-standard authorisation protocol that transfers identification information between apps and encrypts it into machine code. This enables users to grant an application access to their data in another application without them having to manually validate their identity—which is particularly helpful for native apps.
  • OpenID Connect (OIDC): OIDC sits on top of OAuth 2.0 to add information about the user and enable the SSO process. It allows one login session to be used across multiple applications. For example, it enables a user to log in to a service using their Facebook or Google account rather than entering user credentials.
  • Kerberos: Kerberos is a protocol that enables mutual authentication, whereby both the user and server verify the other’s identity on insecure network connections. It uses a ticket-granting service that issues tokens to authenticate users and software applications like email clients or wiki servers.
  • Smart card authentication: Beyond traditional SSO, there is also hardware that can facilitate the same process, such as physical smart card devices that users plug into their computer. Software on the computer interacts with cryptographic keys on the smart card to authenticate the user. While the smart cards are highly secure and require a PIN to be operated, they have to be physically carried by the user—running the risk of being lost—and they can be expensive to operate.

The history of SSO

SSO technology has its roots in the on-premises identity tools that helped organisations securely connect their computers, networks, and servers together in the mid-to-late 1990s. At this time, organisations began to manage their user identities through dedicated systems like Microsoft’s Active Directory (AD) and Lightweight Directory Access Protocol (LDAP), then secured access through on-premises SSO or Web Access Management (WAM) tools.

And as IT has continued to evolve by moving to the cloud, dispersing across multiple devices, and facing more sophisticated cyber threats, these traditional identity management tools are struggling to keep pace. IT teams now need a solution that provides users with quick, secure single sign-on access to any application or service.

SSO myths, busted

There are plenty of misconceptions surrounding SSO, but these are continually dispelled by modern solutions. Common SSO myths include:

SSO Myth 1: SSO slows down IT teams and adds to their workloads

SSO actually helps IT teams be more effective by increasing automation, providing enhanced security and visibility, and enabling better workflows. It directly addresses IT teams’ core mission of smoothly, securely, and quickly connecting employees to the tools they need to get their job done. SSO also allows for faster scaling, better insight into application access, and reduced helpdesk tickets and IT costs.

SSO Myth 2: SSO is difficult to deploy

Legacy tools may have been complex in their day, but modern SSO is quick and simple to deploy. Today’s SSO tools have pre-built connectors to thousands of popular apps, which saves IT teams from having to manually build integrations. Organisations can also connect users and import from existing directories without having to configure, install, or support their hardware or make changes to their firewall. SSO is easy to deploy, centralises the onboarding of new users and apps, is highly available, and minimises costs, ensuring simple yet secure access.

SSO Myth 3: SSO creates a single point of failure, so it’s less secure

It can be tempting to think that by requiring only one password, SSO leaves an appealing attack vector open to cyber threats. But the reality is that a single point of failure already exists, and it’s the user. When forced to juggle different credentials, users often resort to recycling passwords and bad password hygiene, creating a security risk for companies. By eliminating the need for multiple sets of credentials, SSO allows IT teams to set password policies that standardise regular security protocols, while monitoring application, user, device, location, and network context for each access request.

SSO Myth 4: SSO is the same as a password manager

SSO and password managers enable users to access multiple apps with one login, but that’s where the similarities end. Password managers are vaults that store and remember users’ credentials for various apps or websites protected by one primary password. However, they focus on protecting passwords, which account for over 80% of all security breaches and offer hackers a potential entry point into an organisation or identity. SSO solutions, on the other hand, manage access through trust and leverage existing relationships to create a single domain where authentication takes place.

What Is Single Sign-On (SSO)? (2024)

FAQs

What does single sign-on SSO mean? ›

Single sign-on (SSO) is an identification method that enables users to log in to multiple applications and websites with one set of credentials. SSO streamlines the authentication process for users.

What is the single sign-on SSO protocol? ›

Single Sign-on (SSO) allows a user to use a single set of login credentials – such as a username and password, or even multi-factor authentication – to access multiple applications.

What is the single sign-on error in SSO? ›

This error indicates a problem with the certificates you're using to sign the authentication flow. It usually means the private key used to sign the SAML Response doesn't match the public key certificate that Google Workspace has on file.

What happens if single sign-on is enabled? ›

When single sign-on is enabled, IBM SPSS Collaboration and Deployment Services applications log into a Kerberos domain and use Kerberos tokens for web services authentication. If single sign-on is enabled, it is strongly recommended that SSL communication be configured for the repository.

What is single sign-on SSO credentials on Zoom? ›

Zoom SSO (Single Sign-On) is an authentication feature that allows users to access the Zoom app using the same credentials that they use to log into their organization's identity provider. SSO is a fantastic technology that allows businesses to eliminate password reuse and simplifies the login process.

What is single sign-on SSO environments? ›

SSO is an authentication process in which a user can access more than one system or application by entering a single user ID and password. If you are an administrator, you need to specify the company that you want to access during login. Any other user is taken to their specific company.

Which three are benefits of single sign-on SSO? ›

With single sign-on, you can: Reduce support calls: Users with just one password to access all their apps won't require assistance as often. Improve user experience: Since there's no need to hop between multiple login URLs, or reset passwords, users save between 5 to 15 seconds per login.

When should SSO be used? ›

SSO is used by organizations of all sizes and individuals to ease the management of multiple credentials. Single sign-on enables users to authenticate with multiple apps without needing to remember each password.

What is a major risk of using single sign-on SSO? ›

Little Control once Access is Granted

The attacker gets access to all the endpoints of the external applications within the cloud that the user is provisioned for. If the attack is detected, the user account can be disabled. However, the user may still remain logged in.

How do I turn off single sign in SSO? ›

To disable Enterprise Single Sign-On using the command line
  1. On the Start menu, click Run, and then type cmd.
  2. At the command line prompt, go to the Enterprise Single Sign-On installation directory. ...
  3. Type ssomanage –disablesso.
Feb 2, 2021

What is single sign-on SSO for cross domain? ›

Cross-domain single sign-on (CDSSO) is an AM capability that lets users access multiple independent services from a single login session, using the agent to transfer a validated session ID on a single DNS domain or across domains.

How to explain SSO? ›

What is Single Sign-On? Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

Why do people use SSO? ›

Benefits of SSO

Single sign-on (SSO) in the enterprise refers to the ability for employees to log in just one time with one set of credentials to get access to all corporate apps, websites, and data for which they have permission. SSO solves key problems for the business by providing: Greater security and compliance.

What are the benefits of single sign-on SSO? ›

Single sign-on increases employee productivity by reducing the time they must spend signing on and dealing with passwords. Users with just one password to access all of their apps can skip all that extra time spent logging in. SSO solutions often give them access to a dock where all their apps are available.

What is the difference between social sign-on and single sign-on? ›

The main difference between SSO (Single Sign-On) and social login is that SSO allows users to log in to multiple applications with a single set of credentials. In contrast, social login allows users to log in to one application using their social media account credentials.

What is log in with single sign-on SSO instead? ›

With SSO, meaning Single Sign-On, after you're logged in via the SSO solution, you can access all company-approved applications and websites without having to log in again. That includes cloud applications as well as on-prem applications, often available through an SSO portal (also called a login portal).

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Dan Stracke

Last Updated:

Views: 5845

Rating: 4.2 / 5 (63 voted)

Reviews: 86% of readers found this page helpful

Author information

Name: Dan Stracke

Birthday: 1992-08-25

Address: 2253 Brown Springs, East Alla, OH 38634-0309

Phone: +398735162064

Job: Investor Government Associate

Hobby: Shopping, LARPing, Scrapbooking, Surfing, Slacklining, Dance, Glassblowing

Introduction: My name is Dan Stracke, I am a homely, gleaming, glamorous, inquisitive, homely, gorgeous, light person who loves writing and wants to share my knowledge and understanding with you.