Updated 03/20/2023
Single sign-on (SSO) is an authentication service that lets users enter their credentials, such as a username and password, once to access multiple applications. SSO also includes Single Log Out: when the user logs out of one app, they are logged out of the other apps as well.
SSO is based on trust between the application or service and an external service provider, or Identity Provider (IdP).
This trust is established via communication between the app and a centralized SSO service that the app relies on when a user tries to log in. The SSO service typically runs on its own dedicated SSO policy server.
A user enters their credentials and attempts to sign in to the application. The app then generates an SSO token, a digital file containing user-identifying information, which is used to authenticate the user between the app and the SSO service.
Next, an authentication request is sent to the SSO service, which checks whether the user has already been authenticated. If they have, access to the app is granted. If not, the SSO service redirects the user to the central login page to enter their credentials again.
A successful login lets the user into the app. A failed login will show an error message. After enough failed attempts, the user may be locked out of their account for a period of time.
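The flow described above, as an added example written for this page (not code from the original article or from any SSO product): a minimal central SSO service that authenticates the user once, keeps a server-side session as the "previously authenticated" state, mints signed per-app tokens bound to that session, enforces lockout after repeated failures, and implements Single Log Out by dropping the session so every app's token stops verifying. The shared HMAC key, the in-memory stores, the constructed user list and the integer `now` timestamps passed by the caller are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: one shared HMAC key between the SSO service and the apps that trust it.
SIGNING_KEY = b"constructed-demo-signing-key"


class SSOService:
    """Minimal central SSO service: a user authenticates once, gets a server-side
    session, and the service mints per-app signed tokens bound to that session."""

    def __init__(self, users, max_failures=3, lockout_seconds=300, token_ttl=600):
        # Store salted password hashes, never the plaintext (users dict is constructed input).
        self.users = {}
        for name, password in users.items():
            salt = secrets.token_bytes(16)
            self.users[name] = (salt, self._hash(password, salt))
        self.sessions = {}   # session_id -> username (the "previously authenticated" state)
        self.failures = {}   # username -> [failed_count, locked_until]
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.token_ttl = token_ttl

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, username, password, now):
        """Central login page: returns a session id on success, None on failure or lockout."""
        count, locked_until = self.failures.get(username, [0, 0])
        if now < locked_until:
            return None                      # still locked out; do not even check the password
        record = self.users.get(username)
        if record is not None:
            salt, expected = record
            if hmac.compare_digest(self._hash(password, salt), expected):
                self.failures.pop(username, None)
                session_id = secrets.token_urlsafe(16)
                self.sessions[session_id] = username
                return session_id
        count += 1
        if count >= self.max_failures:
            count, locked_until = 0, now + self.lockout_seconds
        self.failures[username] = [count, locked_until]
        return None

    def issue_token(self, session_id, app, now):
        """Authentication request from an app: if the session exists, mint a signed token
        for that app; otherwise return None so the app redirects to the login page."""
        username = self.sessions.get(session_id)
        if username is None:
            return None
        payload = {"sub": username, "aud": app, "sid": session_id, "exp": now + self.token_ttl}
        body = base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()
        sig = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"

    def verify_token(self, token, app, now):
        """App-side check: signature, audience, expiry, and that the session is still
        alive, so a single logout invalidates tokens held by every app."""
        try:
            body, sig = token.rsplit(".", 1)
            expected = hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).hexdigest()
            if not hmac.compare_digest(sig, expected):
                return None
            payload = json.loads(base64.urlsafe_b64decode(body))
        except (ValueError, UnicodeDecodeError):
            return None
        if payload.get("aud") != app or now >= payload.get("exp", 0):
            return None
        if payload.get("sid") not in self.sessions:
            return None
        return payload

    def logout(self, session_id):
        """Single Log Out: dropping the session invalidates every app's token for it."""
        self.sessions.pop(session_id, None)


if __name__ == "__main__":
    svc = SSOService({"alice": "correct horse"})
    sid = svc.login("alice", "correct horse", now=100)
    token = svc.issue_token(sid, "mail", now=100)
    print("mail app sees:", svc.verify_token(token, "mail", now=101))
    svc.logout(sid)
    print("after single logout:", svc.verify_token(token, "mail", now=102))
```

The token carries an audience (`aud`) so a token minted for one app cannot be replayed against another, and verification consults the session store rather than trusting the token alone; that server-side check is what makes Single Log Out immediate instead of waiting for every outstanding token to expire.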
Every network is different and is presented with varying levels of risk. For extra protection, organizations should pair SSO with identity governance and multifactor authentication to improve their security footprint.