Single Sign-On (SSO)
Last Updated: May 27, 2026
Single Sign-On (SSO) lets users authenticate with one trusted identity system and then access multiple applications without each application handling passwords directly.
In an enterprise, this usually means an employee signs in through a corporate Identity Provider such as Okta, Microsoft Entra ID, Google Workspace, or Keycloak. Applications such as Salesforce, Workday, Jira, and AWS trust that identity provider instead of maintaining separate login systems.
SSO is not one shared session across every application. It is a trust pattern: the IdP authenticates the user, the application validates a signed token or assertion from the IdP, and the application creates its own local session. Each application still owns its own session, authorization model, and failure handling.