Single sign-on (SSO)

Single sign-on (SSO) is an authentication system that lets users log in to several related applications and websites using one set of credentials. For example, when signing in to Gmail, you are also authenticated to other Google services such as Google Drive, Youtube and AdSense. When you then open Youtube, you are already logged in with the same account.

How does it work? When a user logs in to an application that has an SSO service, the service creates an authentication token. This token contains information needed to authenticate the user. It is stored either in the user’s browser or within the SSO service’s servers. Any app the user accesses will check for the token. The SSO service passes the user’s authentication token to the app and the user is signed in. If, however, the user has not yet logged in, they will be prompted to do so through the SSO service.

The benefits of SSO include reducing password fatigue, time spent re-entering credentials and support requests relating to password loss. Since users have fewer passwords to remember, there is a better chance that they will use different and stronger passwords. The main downside is that if these credentials are discovered, they give access to many different services. Also, when the user forgets their password, they can’t access any of the related applications and websites.