What is Single Sign-On?

Single sign-on (SSO) enables users to authenticate through a single source known as an identity provider so they can navigate between applications and websites with one set of credentials. Applications and websites that use SSO rely on trusted third-party identity providers, such as Microsoft and Google, to verify that the user is who they claim.

Once a user’s session has been verified by the identity provider, the user is automatically logged into applications via SSO. Within an application, a user’s access is based on the security granted within that application.

How does SSO work?

Authentication with SSO relies on a trust relationship between an application and an identity provider when a user tries to log in to the application.

1. The application confirms whether the user has been authenticated by the identity provider. If so, then the application opens.

2. If the user has not been authenticated, it sends the user to the identity provider to log in.

3. The user enters the user name and password for the identity provider.

4. The identity provider authenticates the user.

5. The identity provider passes an authentication token to the application and returns the user to the application.

6. As the user navigates to other applications, the authentication token is passed so the user is automatically logged into applications that use SSO.

What does SSO look like for the user?

The illustration below shows the sign-in for a district using Google as the identity provider.