Single Sign-On — Technology Wiki

Overview

Direct Answer

Single Sign-On (SSO) is an authentication mechanism that permits users to authenticate once with a centralised identity provider and subsequently access multiple independent applications and systems without re-authenticating. This contrasts with traditional authentication schemes requiring separate credentials for each application.

How It Works

SSO operates through a trusted identity provider that validates user credentials and issues cryptographically signed tokens (commonly SAML, OAuth 2.0, or OpenID Connect). Applications redirect unauthenticated users to this centralised provider; upon successful authentication, the provider returns a token that downstream systems verify and trust, establishing a session without requiring password resubmission.

Why It Matters

Organisations deploy SSO to reduce credential management overhead, minimise password fatigue-related security incidents, and accelerate user onboarding across dispersed systems. Compliance frameworks increasingly mandate centralised authentication auditing, making SSO integral to governance and risk management strategies.

Common Applications

SSO is prevalent in enterprise environments integrating cloud productivity suites with internal applications, healthcare organisations managing access across electronic records systems, educational institutions granting students unified access to learning platforms and institutional resources, and financial services firms coordinating authentication across customer portals and backend systems.

Key Considerations

SSO introduces a critical single point of failure; compromise of the identity provider affects all federated applications. Organisations must carefully balance convenience against security requirements and ensure token expiration policies and revocation mechanisms are appropriately calibrated.

Related in Strategy & Economics

Multi-Cloud

A strategy using services from multiple cloud providers to avoid vendor lock-in and optimise capabilities.

Hybrid Cloud

An IT architecture combining on-premises infrastructure with public and private cloud services.

Cloud Security

The set of policies, technologies, and controls deployed to protect cloud-based systems, data, and infrastructure.

Identity and Access Management

A framework for managing digital identities and controlling user access to resources and systems.

OAuth

An open standard for token-based authentication and authorisation on the internet.

Cloud Database

A database service built, deployed, and accessed through a cloud platform, offering scalability and managed operations.

Reserved Instance

A cloud pricing model where users commit to a specific resource configuration for a term in exchange for discounted rates.

Cloud Governance

The policies, procedures, and tools for managing cloud resource usage, security, compliance, and costs.

Multi-Tenancy

A software architecture where a single instance serves multiple customers, with each tenant's data isolated and invisible to others.

Cloud Bursting

A configuration where an application runs in a private cloud and bursts into a public cloud when demand spikes.

Cloud-Native Database

A database designed from the ground up to operate in cloud environments with automatic scaling and high availability.

Serverless Database

A database service that automatically provisions, scales, and manages infrastructure on demand without manual server management.

More in Cloud Computing

Spot Instance

Service Models

A cloud computing option that uses spare capacity at significantly reduced prices with the possibility of interruption.

AI Infrastructure

Service Models

The specialised hardware, software, and networking stack required to train and serve AI models at scale, including GPU clusters, high-bandwidth interconnects, and model serving frameworks.

Function as a Service

Service Models

A serverless cloud computing model where individual functions are executed in response to events.

Platform as a Service

Service Models

Cloud computing model that provides a platform for developers to build, deploy, and manage applications without managing infrastructure.

Container Orchestration

Infrastructure

The automated management of containerised application deployment, scaling, networking, and availability across clusters of machines, with Kubernetes as the dominant platform.

Managed Service

Service Models

A cloud service where the provider handles infrastructure management, maintenance, updates, and monitoring.

Cloud Migration

Deployment & Operations

The process of moving data, applications, and workloads from on-premises infrastructure to cloud environments.

Cloud Workload Protection

Strategy & Economics

Security solutions designed to protect server workloads running in cloud environments, providing vulnerability management, runtime protection, and compliance monitoring.