Identity & Access
Single Sign-On (SSO)
Also known as: SSO, Single sign-on
Definition
An authentication scheme that lets a user sign in once at a trusted identity provider and then access many applications without re-entering credentials.
Examples
- Signing in once to Google Workspace and then using Slack, Notion and Jira via OIDC/SAML.
- Active Directory domain accounts using Kerberos to access internal web apps without re-prompting.
Related terms
Federated Identity
An arrangement in which separate organizations or domains trust a common identity provider so users can use one identity across all of them.
SAML
An XML-based open standard for exchanging authentication and authorization assertions between an identity provider and a service provider.
OpenID Connect (OIDC)
An identity layer built on top of OAuth 2.0 that lets clients verify a user's identity and obtain basic profile information via signed ID tokens.
OAuth 2.0
An open authorization framework that lets a resource owner grant a third-party application limited, scoped access to an API without sharing credentials.
Kerberos
A ticket-based network authentication protocol that uses symmetric cryptography and a trusted Key Distribution Center to enable secure single sign-on across services.
Multi-Factor Authentication (MFA)
An authentication method that requires two or more independent factors — typically from different categories — before granting access.