Single Sign-On
What is SSO (Single Sign-On)?
SSO (Single Sign-On) is an authentication method that lets a user log in once with a single set of credentials and access multiple applications without signing in again. A central identity provider authenticates the user and issues trusted tokens to each connected app.
How SSO works
With SSO, applications (the “service providers”) trust a central identity provider (IdP) to authenticate users. When a user visits an app, they are redirected to the IdP; after logging in there once, the IdP issues a signed assertion or token, and the app grants access based on that trust — no second password prompt.
This trust is established using open standards. SAML exchanges signed XML assertions and is common in enterprise SSO; OpenID Connect (OIDC), built on OAuth 2.0, exchanges JSON tokens and is common in modern apps. A good platform supports both so it can connect to any customer's IdP.
Enterprise SSO and why it closes deals
Enterprise SSO lets a customer's employees log in to your app using their own corporate IdP — Okta, Microsoft Entra ID, Google Workspace, and others. It is one of the most common hard requirements on enterprise security questionnaires.
For B2B SaaS, offering per-tenant SSO connections is often the difference between winning and stalling an upmarket deal. It also improves security, since access is centrally controlled and revoked by the customer's IT team the moment an employee leaves.
SSO vs. MFA
SSO and MFA solve different problems and work together. SSO reduces the number of times a user logs in; MFA strengthens each of those logins by requiring an additional factor. Because SSO concentrates access behind one login, pairing it with MFA at the identity provider is considered best practice.
Frequently asked questions
- What is the difference between SSO and SAML?
  SSO is the capability of logging in once to access many apps. SAML is one of the protocols used to implement SSO by exchanging signed XML assertions between an identity provider and applications. OIDC is a modern alternative protocol.
- Is SSO more secure than separate logins?
  Generally yes, because it centralizes authentication and lets an organization enforce strong policies (like MFA) and instantly revoke access in one place. It does concentrate risk on the identity provider, so that account must be well protected.
- What is enterprise SSO?
  Enterprise SSO lets a customer company's employees sign in to your application using their existing corporate identity provider, such as Okta or Microsoft Entra ID. It is a frequent requirement for selling B2B software.