Single Sign-On (SSO)
What is Single Sign-On?
Single Sign-On offers a trusted authentication method that allows users to log in once to access multiple well-vetted systems and services—all without having to re-enter authentication factors such as their username and password. After all, end users get frustrated having to remember multiple usernames and passwords just to access work resources. And no security professional wants users relying on guessable passwords just because they’re easier to remember.
Single Sign-On, or “SSO,” helps alleviate both problems: trusted users log in once and can then access multiple well-vetted systems and services within a single domain without re-entering their authentication factors. It’s based on a trust relationship set up between an application, or “service provider” (SP), and an “identity provider” (IdP) that manages the user identity and attributes.
What if you want to include services beyond a single domain?
You can also have a form of SSO that includes applications or services outside of a single domain. Federated SSO is based on the idea of identity federation, in which identity attributes are shared across separate yet well-vetted systems; it is enabled by protocols such as SAML 2.0 and OpenID Connect. Once a user accesses one system within the “federation of trust,” they’re automatically granted access to all the others.