Summary
Single Sign-On (SSO) is an authentication pattern that lets a user sign in once with a trusted identity provider and then access multiple applications without re-entering credentials.
What is SSO?
In an SSO setup, applications no longer maintain their own login screens. They redirect the user to a central identity provider, which authenticates the user and returns a signed token (OIDC ID token, OAuth access token, or SAML assertion). The application verifies the token's signature and uses its claims — user ID, email, group memberships — to authorise the session.
The user-facing benefit is convenience: one strong login per day instead of dozens of weak passwords. The security benefit is bigger. Authentication policy, including password rules, MFA, and risk-based prompts, lives in one place. Offboarding becomes a single switch in the IdP rather than a sweep through every application. Audit logs of "who signed into what" collect in one system.
SSO is a building block, not a complete identity strategy. It needs an identity provider, lifecycle management (often via SCIM), and ideally Zero Trust controls on top — because a stolen SSO session token can otherwise unlock everything at once. Modern infrastructure tools, including mesh VPNs like NetBird, integrate with SSO so that VPN access is gated by the same login users already know.
Why is SSO relevant?
- User experience: One strong login instead of many weak passwords
- Central policy: Password rules, MFA, and lockouts enforced in one place
- Faster offboarding: Disable a user once and access disappears everywhere
- Audit and compliance: All authentications collected centrally for reporting
Related Terms
- Identity Provider: Trusted service that issues the SSO tokens
- Multi-Factor Authentication: Strength layer commonly added to SSO logins
- SCIM: Automation that keeps SSO accounts in sync with HR or directory systems
- Keycloak: Popular open-source SSO/IdP option
- Zero Trust: Model that builds on top of SSO with per-request policy checks