Single Sign-On (SSO) (2025)

What is SSO?

Single sign-on (SSO) is an authentication process that allows users to sign on to their applications and services with a single set of credentials. SSO is a core capability of identity and access management (IAM) technology that makes it easier for users to have convenient and secure online experiences. In a cloud environment, this is called "cloud SSO."


SSO establishes trust between the identity provider (IdP) and the service provider (SP). The IdP handles the identity information that authenticates the user requesting SSO, and the SP handles the service or application that the user wants to access.

Identity standards such as SAML, OAuth2, and OpenID Connect enable the secure sharing of identity data among multiple SPs and IdPs. Without standards, each connection would require customized development. SSO streamlines the sign-on process by giving employees secure, one-click access to resources or services from any device.

How does SSO work?


During SSO, an IdP uses an accepted identity standard of communication, such as SAML, to pass an encrypted assertion between the user and the SP. If the user is successfully authenticated through SSO, they have secure, one-click access to a variety of services without the need for repetitive credential entry, multiple passwords, or separate accounts.

SP-initiated federated SSO


To enable SSO, the IdP must implement a centralized authentication server that all apps can use to confirm a user’s identity. This server can validate user identities, as well as identity or access tokens containing data that confirm the user’s identity, privileges, and granted authorizations.


The standard steps of SP-initiated federated SSO are as follows.

  1. The user browses to the website or application they want access to (the SP).
  2. The SP sends a request and redirects the user to the SSO system (the IdP).
  3. The user is prompted to authenticate by providing credentials.
  4. The IdP validates the user's credentials.
  5. The IdP sends an assertion to the SP to confirm authentication.
  6. The user is granted access to the desired application.
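
The SP-initiated steps above, as an added example that is not part of the original page: a simplified model that uses HMAC-signed JSON in place of SAML's XML signatures to show the checks an SP makes before granting access in step 6. `IDP_KEY`, `SP_ID`, the claim names and the function names are assumptions for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

IDP_KEY = secrets.token_bytes(32)   # constructed secret standing in for the IdP signing key
SP_ID = "https://app.example.test"  # hypothetical SP entity ID
pending = {}                        # request IDs the SP issued and has not yet consumed

def sp_start_login():
    """Step 2: the SP creates a one-time request ID and redirects to the IdP."""
    rid = secrets.token_urlsafe(16)
    pending[rid] = time.time()
    return rid

def idp_issue(user, audience, request_id, ttl=300, key=None):
    """Steps 4-5: after validating credentials, the IdP signs an assertion."""
    body = json.dumps({"sub": user, "aud": audience, "irt": request_id,
                       "exp": time.time() + ttl}).encode()
    sig = hmac.new(key or IDP_KEY, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "." +
            base64.urlsafe_b64encode(sig).decode())

def sp_consume(token):
    """Step 6: grant access only if every check passes; returns (user, reason)."""
    try:
        b64_body, b64_sig = token.split(".")
        body = base64.urlsafe_b64decode(b64_body)
        sig = base64.urlsafe_b64decode(b64_sig)
    except ValueError:
        return None, "malformed"
    # Verify the signature before trusting or even parsing any claim.
    expected = hmac.new(IDP_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None, "bad signature"
    claims = json.loads(body)
    if claims["aud"] != SP_ID:        # assertion was issued for a different SP
        return None, "wrong audience"
    if claims["exp"] < time.time():   # validity window has closed
        return None, "expired"
    # Must answer a request this SP actually sent, and only once.
    if pending.pop(claims["irt"], None) is None:
        return None, "unsolicited or replayed"
    return claims["sub"], "ok"
```

A second `sp_consume` call with the same token returns `(None, "unsolicited or replayed")`, because the request ID is removed from `pending` on first use.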

IdP-initiated federated SSO


The standard steps of IdP-initiated federated SSO are as follows.

  1. The user requests access to an app through the IdP.
  2. On first sign-on, the IdP requests credentials.
  3. The IdP checks credentials against the identity directory.
  4. An encrypted assertion authenticating the user is passed to the SP.
  5. The SP accepts the assertion and directs the user to the app.
  6. With the assertion, the user can now access any SP in the trusted group without login.

What are the benefits of SSO?

  • Stronger security: SSO strengthens enterprise security by reducing the number of passwords that your users have to manage. Because passwords are a popular attack vector, reducing reliance on them also reduces the potential for a breach. Asking your users to only remember one password decreases their tendency for risky password behavior, such as reusing passwords, writing them down, or sharing them with others.
  • Enhanced customer experience: SSO eliminates the frustration of juggling multiple passwords and needing to sign on multiple times. Customers can sign on once and easily access all of the products and services that they need. With nearly three out of four customers reporting that experience is an important factor in purchasing decisions, SSO is a great place to start enhancing the customer experience.
  • Improved employee productivity: With many enterprises moving to the cloud and adding outside services to their menu of productivity tools, the need for SSO in the workplace is increasing at a rapid pace. SSO is particularly valuable for employees who are remote or use multiple devices to get their work done because SSO enables them to sign on just once each day with one set of credentials.

    SSO grants employees easier access to the resources that they need to do their jobs. By granting faster access without sacrificing security, you’re streamlining their work experience, giving them more time to focus on important tasks.

  • Lower IT Costs: Decreasing the number of passwords also decreases the number of password-related help desk tickets. Fewer password resets may not sound like a big deal, but organizations spend a lot of money for password-related support costs. By minimizing the number of passwords in use, you can save a lot of money.

Every day, our digital world presents us with more systems and applications to use in our lives. Creating and remembering complex passwords for every app is a challenge and potentially a security risk. By implementing SSO, you can give your customers, employees, and partners the ability to access different applications and services easily, quickly, and securely.

Is SSO right for my organization?

When considering SSO integration, organizations are likely to be looking at a solution that addresses the three main SSO applications. One is increasing security. SSO security is a way to enable Zero Trust principles and ensure a greater level of identity assurance and access authorization. Another is improving user experience. By reducing friction and providing fast and seamless access across a wide array of applications, organizations can boost user satisfaction and productivity. And a third SSO application is to save costs by reducing password reset support calls to the helpdesk.

FAQs

Why is SSO so complicated?

Legacy SSO solutions such as ADFS have traditionally been complex to deploy. A large part of the difficulty is due to the various existing components that need to be integrated with new modern apps and configuration changes.

Is single sign-on worth it?

Security and compliance benefits of SSO

SSO reduces the number of attack surfaces because users only log in once each day and only use one set of credentials. Reducing login to one set of credentials improves enterprise security. When employees have to use separate passwords for each app, they usually don't.

What is a major risk of using single sign-on SSO?

Little Control once Access is Granted

The attacker gets access to all the endpoints of the external applications within the cloud that the user is provisioned for. If the attack is detected, the user account can be disabled. However, the user may still remain logged in.

Can I bypass SSO?

There are options to allow Users to be created that bypass SSO and there is a specific checkbox on a Domain stating “Require all users to log in with SSO only”, if that is not checked then a new User could be created that uses a Username and Password that is not bound by SSO.

What is the main concern with single sign-on?

However, its one-to-many architecture means that a breach in one account can provide attackers with access to all linked resources, compounded by the common use of weak passwords and susceptibility to phishing attacks. Many organizations are willing to cast a blind eye over security concerns – for good reason.

What is the biggest disadvantage of using SSO for authentication?

Disadvantages of Single Sign On (SSO):

Single vulnerability: If SSO is compromised, all applications and services linked to it may also be at risk. A successful attack on the SSO system could allow attackers to access multiple applications and services without additional authentication.

Which of the following is a disadvantage of single sign-on SSO?

A significant disadvantage of SSO is that if a user's password is compromised, it grants unauthorized access to all the applications and resources linked to that account. This can lead to severe consequences, including data breaches, financial loss, and reputational damage to the organization.

Which three are benefits of single sign-on SSO?

With single sign-on, you can: Reduce support calls: Users with just one password to access all their apps won't require assistance as often. Improve user experience: Since there's no need to hop between multiple login URLs, or reset passwords, users save between 5 to 15 seconds per login.

Why not use SSO?

Creates a single point of failure

SSO lets users access multiple services with a single set of login credentials, which is convenient but risky. If the SSO system is not properly maintained, threat actors can potentially compromise it and gain access to multiple services at once.

Is SSO insecure?

Because SSOs are associated with critical resources, if a hacker attack targets an SSO provider, the entire user base will be compromised. If an end user's SSO portal is compromised, then their access to those applications is also at risk.

Does SSO work in incognito?

If you want to use the credentials of a different user, it's best to use an incognito window. The way SSO works is that as soon as you enter an email address, the service provider (Keepit) checks whether the user with that email address has SSO configured.

How do I get out of SSO?

On a Desktop
  1. Sign in to your Google account.
  2. Scroll down to Signing into Other Sites.
  3. Choose Signing in with Google.
  4. Choose the app or service you want to remove.
  5. Tap on Remove Access.

Can SSO be compromised?

It is true that if your main SSO password is compromised it can lead to other accounts being compromised too, if there are no other security controls on the account. For this reason, we would recommend ensuring that you enforce extra-strong passwords and implement additional security controls.

What is the problem with SSO?

Often, you may have to rely on older authentication methods if a problem occurs, such as your identity provider going down or experiencing an interruption. If your identity provider goes down, your SSO goes down too. The provider's vulnerability to any kind of interruption becomes your vulnerability.

How difficult is it to implement SSO?

However, implementing SSO can be challenging, especially when integrating with existing systems and applications. Some common challenges include compatibility issues, user provisioning and management, single points of failure, security risks, and customization requirements.

Why is SAML so complicated?

SAML payloads

Each layer has signatures that need verification, a process that can be like peeling an onion. A generalized SAML integration can be difficult to implement and check because it's not always hierarchical and requests between systems can be non-linear.

Article information

Author: Barbera Armstrong
