Single sign-on lets one successful authentication session provide access to multiple related applications.
Single sign-on, usually called SSO, allows a user to authenticate once and then access multiple connected applications without separately logging in to each one. In plain language, it centralizes the sign-in experience instead of making every app manage its own isolated login.
SSO matters because it can improve both security and usability when designed well. Users face fewer password prompts, organizations gain more consistent policy enforcement, and identity teams can centralize logging, access review, and factor requirements.
It also matters because scattered app-by-app login systems are harder to govern. SSO helps organizations apply a common identity policy across many services rather than relying on every application team to make strong security choices independently.
SSO appears in workforce identity platforms, university portals, cloud consoles, customer ecosystems, and SaaS portfolios. A central identity provider handles the login, and connected applications trust that result through protocols such as SAML or other federation approaches.
Security teams also use SSO as a governance point. They can require Multi-Factor Authentication, revoke access centrally, and review which applications are reachable from one identity session.
An employee signs in once to the company identity portal and can then open email, HR tools, ticketing systems, and knowledge bases without entering separate passwords for each application. If the employee leaves the company, central account disablement can quickly remove access across that application set.
SSO does not mean sharing one password across many sites. The point is centralized authentication and trust, not password reuse. In fact, SSO is often paired with stronger authentication policies than isolated app logins.
It is also not a permission model by itself. SSO helps establish identity across applications, but each application or platform still needs Authorization decisions that determine what the user can do after sign-in.