Lets one central authentication session be reused across related applications to reduce repeated logins.
Single sign-on, usually called SSO, allows a user to authenticate once and then access multiple connected applications without separately logging in to each one. In plain language, it centralizes the sign-in experience instead of making every app manage its own isolated login.
SSO matters because it can improve both security and usability when designed well. Users face fewer password prompts, organizations gain more consistent policy enforcement, and identity teams can centralize logging, access review, and factor requirements.
It also matters because scattered app-by-app login systems are harder to govern. SSO helps organizations apply a common identity policy across many services rather than relying on every application team to make strong choices independently.
SSO appears in workforce identity platforms, university portals, cloud consoles, partner ecosystems, and SaaS portfolios. A central identity provider handles the login, and connected applications trust that result through protocols such as SAML or OpenID Connect.
Security teams also use SSO as a governance point. They can require Multi-Factor Authentication, revoke access centrally, and review which applications are reachable from one identity session.
| Area | Centralized by SSO? |
|---|---|
| Sign-in experience and primary identity proof | Usually yes |
| Factor policy at the identity-provider layer | Usually yes |
| Detailed in-app permissions | No, applications still need authorization logic |
| Every app’s session and data model | Not entirely; apps still manage local behavior |
A company employee signs in once to the identity portal and can then open email, HR tools, ticketing systems, and knowledge bases without entering separate passwords for each application. If the employee leaves the company, disabling the central account quickly removes access across that application set.
SSO does not mean sharing one password across many sites. The point is centralized authentication and trust, not password reuse.
It is also not a permission model by itself. SSO helps establish identity across applications, but each application still needs Authorization decisions for what the user can do after sign-in.