Single Sign-On — Technology Wiki

Overview

Direct Answer

Single Sign-On (SSO) is an authentication mechanism that permits users to authenticate once with a centralised identity provider and subsequently access multiple independent applications and systems without re-authenticating. This contrasts with traditional authentication schemes requiring separate credentials for each application.

How It Works

SSO operates through a trusted identity provider that validates user credentials and issues cryptographically signed tokens (commonly SAML, OAuth 2.0, or OpenID Connect). Applications redirect unauthenticated users to this centralised provider; upon successful authentication, the provider returns a token that downstream systems verify and trust, establishing a session without requiring password resubmission.

Why It Matters

Organisations deploy SSO to reduce credential management overhead, minimise password fatigue-related security incidents, and accelerate user onboarding across dispersed systems. Compliance frameworks increasingly mandate centralised authentication auditing, making SSO integral to governance and risk management strategies.

Common Applications

SSO is prevalent in enterprise environments integrating cloud productivity suites with internal applications, healthcare organisations managing access across electronic records systems, educational institutions granting students unified access to learning platforms and institutional resources, and financial services firms coordinating authentication across customer portals and backend systems.

Key Considerations

SSO introduces a critical single point of failure; compromise of the identity provider affects all federated applications. Organisations must carefully balance convenience against security requirements and ensure token expiration policies and revocation mechanisms are appropriately calibrated.

Related in Strategy & Economics

Multi-Cloud

A strategy using services from multiple cloud providers to avoid vendor lock-in and optimise capabilities.

Hybrid Cloud

An IT architecture combining on-premises infrastructure with public and private cloud services.

Cloud Security

The set of policies, technologies, and controls deployed to protect cloud-based systems, data, and infrastructure.

Identity and Access Management

A framework for managing digital identities and controlling user access to resources and systems.

OAuth

An open standard for token-based authentication and authorisation on the internet.

Cloud Database

A database service built, deployed, and accessed through a cloud platform, offering scalability and managed operations.

Reserved Instance

A cloud pricing model where users commit to a specific resource configuration for a term in exchange for discounted rates.

Cloud Governance

The policies, procedures, and tools for managing cloud resource usage, security, compliance, and costs.

Multi-Tenancy

A software architecture where a single instance serves multiple customers, with each tenant's data isolated and invisible to others.

Cloud Bursting

A configuration where an application runs in a private cloud and bursts into a public cloud when demand spikes.

Cloud-Native Database

A database designed from the ground up to operate in cloud environments with automatic scaling and high availability.

Serverless Database

A database service that automatically provisions, scales, and manages infrastructure on demand without manual server management.

More in Cloud Computing

Platform Engineering

Deployment & Operations

The practice of building and maintaining internal developer platforms that provide self-service capabilities, standardised tooling, and golden paths for software delivery teams.

Service Mesh

Architecture Patterns

An infrastructure layer handling service-to-service communication in microservices, managing traffic, security, and observability.

Internal Developer Portal

Deployment & Operations

A centralised web interface that provides developers with self-service access to infrastructure, services, documentation, and templates within their organisation.

GraphQL

Architecture Patterns

A query language for APIs that lets clients request exactly the data they need in a single request.

Microservices

Architecture Patterns

An architectural style structuring an application as a collection of loosely coupled, independently deployable services.

Spot Instance

Service Models

A cloud computing option that uses spare capacity at significantly reduced prices with the possibility of interruption.

Infrastructure as a Service

Service Models

Cloud computing model providing virtualised computing resources like servers, storage, and networking over the internet.

Cloud Computing

Service Models

The delivery of computing services — servers, storage, databases, networking, software — over the internet on demand.