CIAM.wiki

Single Sign-On (SSO)

Single sign-on lets a user authenticate once and then access multiple applications without logging in again, by sharing a trusted session across those applications.

Also: SSO

Single sign-on lets a person sign in once and move between several applications without re-entering credentials. An identity provider authenticates the user and issues a token or assertion that each connected application trusts, so the session follows the user across properties.

For customers, SSO means one account and one login across a company’s website, mobile app, and support portal, rather than a separate password for each. The protocols that carry it are usually OpenID Connect for modern apps and SAML for enterprise and business-to-business cases.
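
As an added illustration (not part of the original entry), the Python sketch below shows the trust relationship described above: the identity provider signs one token, and each application checks the signature, issuer, audience and expiry before accepting it. The issuer URL, key, application names and token layout are constructed for the example, and a shared-key HMAC stands in for the asymmetric signature an OpenID Connect provider would normally use.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not from the entry).
ISSUER = "https://idp.example.com"
KEY = b"demo-only-signing-key"  # HMAC stand-in for the IdP's signing key

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(body: str) -> bytes:
    return hmac.new(KEY, body.encode(), hashlib.sha256).digest()

def issue_token(sub, audiences, ttl=300, now=None):
    """IdP side: after one login, sign claims naming every app that may accept them."""
    now = int(time.time()) if now is None else now
    claims = {"iss": ISSUER, "sub": sub, "aud": list(audiences), "exp": now + ttl}
    body = b64e(json.dumps(claims).encode())
    return body + "." + b64e(sign(body))

def verify_token(token, app_id, now=None):
    """App side: return the claims if valid for app_id, otherwise raise ValueError."""
    now = int(time.time()) if now is None else now
    body, sig = token.split(".")  # wrong shape raises ValueError
    # Check the signature before parsing any claim; constant-time comparison.
    if not hmac.compare_digest(b64d(sig), sign(body)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if app_id not in claims.get("aud", []):
        raise ValueError("token not issued for this application")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    token = issue_token("user-123", ["website", "support-portal"])
    for app in ("website", "support-portal", "mobile-app"):
        try:
            print(app, "accepts", verify_token(token, app)["sub"])
        except ValueError as err:
            print(app, "rejects:", err)
```

The audience check is what keeps a token issued for one set of applications from being replayed against another application that trusts the same identity provider.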

SSO improves both experience and security: fewer passwords to manage, fewer reset requests, and a single place to enforce policy such as multi-factor authentication. In CIAM it is a core capability, and it is distinct from social login, which uses an external provider like Google or Apple as the identity source.
