IAM Concepts

SSO

Diagram representing a glossary term in Oasis Security, illustrating key concepts in non human identity management

Single Sign-On (SSO) is an authentication mechanism that allows users to access multiple applications or services with a single set of login credentials. Instead of requiring users to log in separately to each application, SSO enables them to authenticate once and gain access to all authorized resources seamlessly.

For instance, imagine an employee of a company using SSO to access their email, project management software, and HR portal. Upon logging into their workstation, they are automatically authenticated to access all these applications without needing to enter their credentials again. This not only simplifies the user experience but also reduces the risk of password fatigue and the likelihood of users resorting to insecure practices, such as reusing passwords across multiple systems.

SSO implementations typically involve a centralized identity provider (IdP) that authenticates users and issues security tokens, which are then used to access various applications or services. Common SSO protocols include SAML (Security Assertion Markup Language) and OAuth (Open Authorization).

By implementing SSO, organizations can improve security by enforcing stronger authentication measures, streamline user access management, and enhance user productivity by reducing the time spent on authentication processes.