Single Sign-On

Defining and Describing Single Sign-On

Disambiguation

Primary sense — the innovation-consulting sense

• Commonly deployed in startup SaaS stacks for "better experience for users because they can use their existing credentials to authenticate and don't have to enter credentials as often," integrating with tools like Cloud Identity, Entra ID, or Duo. [2]
• Acts as an IdP authenticating users before permitting access to SP applications, with policies like multi-factor authentication (MFA) per app, e.g., "require that users of one application complete two-factor authentication at every login, but only once every seven days when accessing a different application." [1]
• Differs from password sync or local auth: "You don't have to synchronize passwords," as SSO federates identity without storing credentials in each app. [2]
• Not basic session management; requires standards like SAML for exchange of "authentication and authorization data between a SAML IdP and SAML service providers." [2]

Other senses

• No other senses identified: SSO refers exclusively to this federated authentication practice in technology and business contexts; no innovation-relevant variants like non-digital or unrelated usages appear in sources.

Adjacent Vocabulary

• Synonyms:
  • Federated Identity: Emphasizes cross-domain trust, often via SAML or OIDC, vs. SSO's user-facing seamlessness. [2]
  • Identity Federation: Broader protocol focus, synonymous in SAML contexts but highlights provisioning. [2]
  • Universal Login: Startup-friendly term for SSO portals, shading toward consumer UX. [1]
• Antonyms:
  • Multi-Factor Authentication per App: Forces repeated logins, opposing SSO's single credential goal. [1]
  • Siloed Authentication: App-specific logins creating credential sprawl. [2]
• Adjacent terms: SAML 2.0, Identity Provider, Service Provider, Multi Factor Authentication, Zero Trust, SCIM

Usage in Practice

• "Duo Single Sign-On is our cloud-hosted SSO product which layers Duo's strong authentication and flexible policy engine on top of an application's login using Security Assertion Markup Language (SAML) 2.0." — Duo documentation [1]
• "Using SSO can provide several advantages: You enable a better experience for users because they can use their existing credentials to authenticate and don't have to enter credentials as often." — Google Cloud Architecture Center [2]
• "After you configure SSO, your users can sign in by using their Microsoft Entra credentials." — Microsoft Entra docs [3]
• "By creating a Cloudflare SSO connector, you can enforce SSO to the Cloudflare dashboard with the identity provider (IdP) of your choice. SSO will be enforced for every user in your email domain." — Cloudflare Fundamentals [4]
• "Configure single sign-on (SSO) for your add-in so users don't have to sign-in to Employee Center." — ServiceNow docs [5]

Common Misuses

• Calling basic session cookies or JWT tokens "SSO" — better suited: Session Management, as SSO requires IdP federation across apps. [1][2]
• Equating SSO with password vaulting (e.g., 1Password sharing) — better suited: Shared Credentials, lacking federated standards like SAML. [2]
• Marketing "passwordless" as SSO without IdP integration — better suited: Passwordless Authentication, which may still demand per-app biometrics. [1]
• Using "SSO" for SCIM user provisioning — better suited: Identity Provisioning, as SSO handles auth, not account sync. [6]

Sources