---
url: 'https://www.corbado.com/glossary/single-sign-on-sso'
title: 'SSO (Single-Sign-On)'
description: 'Discover SSO (Single-Sign-On), an advanced user authentication mechanism designed to enhance the user experience and bolster security.'
lang: 'en'
keywords: 'sso (single-sign-on)'
---

# SSO (Single-Sign-On)

## What is SSO (Single-Sign-On)?

**SSO (Single-Sign-On)** is an advanced user authentication mechanism designed to enhance
the user experience and bolster security. At its core,
[SSO](https://www.corbado.com/blog/passkeys-single-sign-on-sso) lets users access multiple applications or
platforms using just a single set of credentials, typically a username and password. This
not only eliminates the need to remember multiple passwords but also streamlines the
sign-in process for various services. Over time, the concept of
[SSO](https://www.corbado.com/blog/passkeys-single-sign-on-sso) has evolved, branching out into different
configurations and applications, making it a cornerstone in the digital authentication
landscape.

## Key Takeaways

> - **SSO (Single-Sign-On)** provides a unified login mechanism across multiple platforms.
> - Implementing [SSO](https://www.corbado.com/blog/passkeys-single-sign-on-sso) can boost user experience but
>   needs robust security measures to prevent potential risks.
> - Solutions like Corbado integrate SSO with passkeys, elevating both convenience and
>   security.

---

### Delving Deeper into SSO Mechanisms and Configurations

SSO operates primarily through a federated
[identity management](https://www.corbado.com/blog/digital-identity-guide) system, often referred to as identity
federation. One of the renowned frameworks in this domain is OAuth, which serves as an
intermediary. Instead of sharing a user's password, OAuth grants third-party services an
[access token](https://www.corbado.com/glossary/access-token), safeguarding the user's sensitive login
information. When a user tries to access a particular application, the service provider
collaborates with the identity provider to authenticate the user's credentials. Once
authenticated, the user can freely access the application without any further prompts.

Various protocols underpin SSO services. [Kerberos](https://www.corbado.com/glossary/kerberos), for instance,
employs a ticket-granting ticket (TGT) mechanism, ensuring users aren't repeatedly
prompted for credentials. On the other hand, Security [Assertion](https://www.corbado.com/glossary/assertion)
Markup Language (SAML) is a distinct protocol that exchanges user authentication and
authorization data securely across platforms. Furthermore,
[smart card](https://www.corbado.com/glossary/smart-card)-based SSO configurations use cards embedded with
sign-in data, further simplifying the login process.

---

## SSO (Single-Sign-On) FAQs

### What is SAML?

**SAML (Security Assertion Markup Language)** is a robust authentication protocol widely
embraced in enterprise environments to streamline user access to various applications,
like CRM systems, through a [single sign-on](https://www.corbado.com/blog/passkeys-single-sign-on-sso) (SSO)
process.

### How does SSO differ from traditional password managers?

SSO and password managers both aim to simplify the user authentication process. However,
SSO offers a unified method for users to access multiple applications with one set of
credentials. In contrast, password managers store individual passwords for various
services, automatically inputting them upon request.

### Are there security risks with SSO?

While SSO enhances user convenience, it does introduce potential security
[vulnerabilities](https://www.corbado.com/glossary/vulnerability). If a malevolent actor gains access to a user's
SSO credentials, they can infiltrate all associated applications. Therefore, it's
paramount to bolster SSO with added layers of security, such as
[two-factor authentication](https://www.corbado.com/blog/passkeys-vs-2fa-security)
([2FA](https://www.corbado.com/blog/passkeys-vs-2fa-security)) or multifactor authentication.

### What is Social SSO, and is it secure?

Platforms like [Facebook](https://www.corbado.com/blog/facebook-passkeys), Google, and
[LinkedIn](https://www.corbado.com/blog/linkedin-passkeys) offer Social SSO, allowing users to log into
third-party platforms using their social media credentials. While this provides a seamless
login experience, it does pose potential security risks, as a breach in one platform could
jeopardize others.

### How do passkeys enhance the security of SSO?

Integrating passkeys with SSO provides a modern, secure authentication method. By
combining the two, users benefit from the streamlined login of SSO and the enhanced
[security of passkeys](https://www.corbado.com/faq/are-passkeys-safe). Platforms like Corbado seamlessly
integrate these features, ensuring users enjoy a convenient yet secure digital experience.

### IdP-initiated vs. SP-initiated: What's the difference?

IdP-initiated means that the login process begins at the Identity Provider (IdP), sending
a SAML [assertion](https://www.corbado.com/glossary/assertion) to the Service Provider (SP). In contrast,
SP-initiated SSO starts when a user attempts to access a service directly at the SP's
site, which redirects them to the IdP to log in.
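
At the SP, the two flows are told apart by the SAML Response's `InResponseTo` attribute: an SP-initiated response references the ID of the SP's own AuthnRequest, while an IdP-initiated (unsolicited) response carries none. The following is an added example, not Corbado's code; `classify_response`, `make_response` and the `pending_ids` store are hypothetical names, and the sample XML is constructed and unsigned.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def classify_response(xml_text, pending_ids, allow_idp_initiated=False):
    """Classify a SAML Response at the SP as 'sp-initiated' or 'idp-initiated'.

    pending_ids: set of AuthnRequest IDs this SP issued and has not consumed
    (hypothetical store). Signature, issuer and time-window checks are assumed
    to have passed already; stdlib XML parsing is used only to stay
    self-contained (use a hardened parser for untrusted input).
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML Response")
    ids = {root.get("InResponseTo")}
    for scd in root.iter(f"{{{SAML}}}SubjectConfirmationData"):
        ids.add(scd.get("InResponseTo"))
    if len(ids) != 1:
        raise ValueError("InResponseTo values disagree")
    request_id = ids.pop()
    if request_id is None:
        # Unsolicited response: the flow began at the IdP.
        if not allow_idp_initiated:
            raise ValueError("IdP-initiated SSO is disabled for this SP")
        return "idp-initiated"
    if request_id not in pending_ids:
        raise ValueError("InResponseTo matches no outstanding AuthnRequest")
    pending_ids.discard(request_id)  # each request ID is accepted once
    return "sp-initiated"


def make_response(in_response_to=None):
    """Build a constructed, unsigned sample Response for the demo."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1"{attr}>'
        '<saml:Assertion ID="_a1"><saml:Subject><saml:SubjectConfirmation>'
        f"<saml:SubjectConfirmationData{attr}/>"
        "</saml:SubjectConfirmation></saml:Subject></saml:Assertion>"
        "</samlp:Response>"
    )

if __name__ == "__main__":
    pending = {"_req-123"}
    print(classify_response(make_response("_req-123"), pending))
    print(classify_response(make_response(), pending, allow_idp_initiated=True))
```

Because an unsolicited response cannot be tied to a request the SP issued, the sketch rejects IdP-initiated logins unless the SP explicitly opts in.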
