Single Sign-On (SSO) is the term used to describe services that connect different secure applications through a single login process, allowing a user to access each secure environment without signing in to them individually.
SSO was created to address several issues. The first is a user experience issue: customers and employees quickly grow frustrated with generating, storing, and using many different login credentials, especially in quick succession. In addition, good security practices, like multi-factor authentication (MFA), can make logins even more time-consuming.
Login frustration drives customers away, and it also leads to another issue: security. Frustrated customers are more likely to fall back on insecure password practices, such as easy-to-guess passwords or insecure storage. SSO services remove this frustration by storing and distributing login credentials between services, so users don’t have to log in again for each new service they access. Using SSO also allows security teams to implement MFA without generating as much frustration, since customers will only use it once.
Single Sign-On communicates between various services using an Identity Provider (IdP). The IdP verifies the user’s credentials, and issues authentication tokens to each service accordingly. Passing logins through the IdP allows for enhanced security practices since the IdP can track and control login attempts, helping security teams identify and mitigate potential breaches.
To exchange authentication information between the IdP and different service providers, SSO uses standardized protocols, like SAML or OAuth. SAML, or Security Assertion Markup Language, is a text-based framework that IdPs use to send service providers information about the validity of user credentials. Service providers then grant the associated user access to the service.
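The flow described above, sketched as an added example (not code from the original page or from any SSO product): one login at the IdP, then a signed token per service that each service provider checks before granting access. It uses an HMAC-signed JSON token as a simplified stand-in for a SAML assertion or OAuth token; every name, key and account in it is constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed demo values. A real IdP signs with an asymmetric key so that
# service providers hold only the public half; HMAC keeps this sketch short.
IDP_KEY = b"constructed-demo-signing-key"
SALT = b"constructed-salt"

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

USERS = {"alice": _hash("correct horse")}   # constructed account
sessions, login_log = {}, []                # IdP state: SSO sessions, audit trail

def idp_login(user, password):
    """IdP: verify credentials once (MFA would also go here), open an SSO session."""
    ok = hmac.compare_digest(USERS.get(user, b""), _hash(password))
    login_log.append((user, ok))            # every attempt is visible in one place
    if not ok:
        return None
    sid = secrets.token_urlsafe(16)
    sessions[sid] = user
    return sid

def idp_issue(sid, audience, now=None):
    """IdP: issue a short-lived signed token for one named service, no new login."""
    if sid not in sessions:
        return None
    now = time.time() if now is None else now
    claims = {"sub": sessions[sid], "aud": audience, "exp": now + 300}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return body + "." + hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()

def sp_accept(token, my_name, now=None):
    """Service provider: accept only a token the IdP signed, for this service, unexpired."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        good = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, good):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None
    if claims.get("aud") != my_name or claims.get("exp", 0) < now:
        return None
    return claims["sub"]
```

The audience and expiry checks are what keep a token issued for one service from being replayed at another or reused after the session should have ended.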
By consolidating login processes and incorporating technologies like MFA, SSO simplifies access while reducing the risk of password-related security breaches. Standardized protocols like SAML and OAuth ensure communication between IdPs and service providers, allowing organizations to improve security measures while maintaining ease of use.