Single Sign-On
Single Sign-On (SSO) is an authentication capability that allows a user to access multiple independent applications or services using one set of login credentials within a defined trust framework or session.
Expanded Explanation
1. Technical Function and Core Characteristics
SSO establishes a trust relationship between an Identity Provider (IdP) and one or more service providers, so a user authenticates once and then reuses the resulting security context. It relies on standardized protocols and tokens that convey identity and session information in a controlled manner.
Implementations typically use assertions or security tokens issued by the IdP after successful authentication, which service providers validate to grant access without re-prompting for credentials. Many SSO deployments integrate with enterprise directories and support multi-factor authentication, session timeouts, and policy-based access controls.
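The validation step described above, as an added example that is not part of the original page: a service provider checks an IdP-issued token before it creates a local session. It assumes an OIDC-style JWT signed with HS256 and a key shared between IdP and SP; the issuer URL, audience name, key and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Constructed values for illustration; not taken from the page or any real deployment.
IDP_ISSUER = "https://idp.example.test"
SP_AUDIENCE = "hr-portal"
SHARED_KEY = b"constructed-demo-key"

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def idp_issue_token(subject, audience, now, ttl=300, key=SHARED_KEY):
    """IdP side: issue a signed token once the user has authenticated."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{header}.{body}.{_b64(_sign(key, header + '.' + body))}"

def sp_validate_token(token, now, key=SHARED_KEY):
    """SP side: return the claims if the token can be trusted, else raise ValueError."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_unb64(header_b64))
        claims = json.loads(_unb64(body_b64))
        sig = _unb64(sig_b64)
    except (ValueError, TypeError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise ValueError("malformed token")
    # Pin the algorithm on the SP; the token must not choose it (rejects "alg": "none").
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison over the exact bytes that were signed.
    if not hmac.compare_digest(sig, _sign(key, header_b64 + "." + body_b64)):
        raise ValueError("bad signature")
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != SP_AUDIENCE:
        raise ValueError("token issued for a different service")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired")
    return claims
```

The audience check is what keeps a token issued for one application from being replayed against another application that trusts the same IdP.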
2. Enterprise Usage and Architectural Context
In enterprises, SSO commonly operates as part of a centralized identity and access management architecture that spans on-premises (on-prem) systems, cloud services, and Software-as-a-Service (SaaS) applications. Organizations use SSO to enforce consistent authentication policies and to manage user identities from a single source of truth.
Architectures frequently use federation standards to connect internal identity providers with external service providers, including partner systems. SSO can also integrate with Privileged Access Management (PAM), Virtual Private Network (VPN) access, and endpoint management to support unified access strategies.
3. Related or Adjacent Technologies
SSO interfaces with authentication and authorization standards such as Security Assertion Markup Language (SAML), Open Authorization 2.0 (OAuth 2.0), and OpenID Connect (OIDC), which define how identity assertions and tokens are structured and exchanged. It also aligns with directory services, public key infrastructures, and Certificate-Based Authentication (CBA) in enterprise environments.
SSO appears alongside technologies such as identity federation, single logout, just-in-time provisioning, and passwordless authentication. It operates within broader identity and access management programs that also include Role-Based Access Control (RBAC), policy decision points, and security monitoring.
4. Business and Operational Significance
Enterprises use SSO to reduce the number of credentials that users maintain and to centralize control over access. Centralized authentication enables unified enforcement of security policies and facilitates deprovisioning when users change roles or leave the organization.
SSO can support regulatory and audit requirements because it centralizes authentication logs and access control decisions. It also enables standardized integration with cloud providers and third-party applications, which can simplify onboarding of new services and business partners.