SSO

Definition

Single Sign-On (SSO) allows users to access multiple applications with one set of credentials. Instead of separate logins for each tool, users authenticate once through an identity provider and gain access to all connected applications.

How SSO Works

User attempts to access an application
Application redirects to identity provider (IdP)
User authenticates with IdP (if not already logged in)
IdP sends authentication token to application
Application grants access

Common SSO Protocols

Protocol	Usage
SAML 2.0	Enterprise standard, XML-based
OAuth 2.0	Authorization framework, used with OIDC
OpenID Connect (OIDC)	Modern authentication, JSON-based

SSO Benefits

For Organizations

Centralized access control
Easier employee offboarding
Reduced password fatigue
Better security visibility

For Users

Fewer passwords to remember
Faster access to tools
Consistent login experience

SSO Pricing Considerations

Many SaaS tools charge extra for SSO - often called the “SSO tax.” Enterprise plans typically include SSO while lower tiers don’t. When evaluating tools, check if SSO is included or requires upgrade.

Identity Providers

Common IdPs that work with most SaaS tools:

Okta
Azure Active Directory
Google Workspace
OneLogin
JumpCloud

Frequently Asked Questions

Why do tools charge extra for SSO?

SSO implementation requires development effort and is primarily demanded by enterprises. Many vendors gate SSO behind enterprise tiers as a result. Some view this as problematic since SSO improves security.

What’s the difference between SSO and SCIM?

SSO handles authentication (proving identity). SCIM handles provisioning (creating/updating/removing user accounts). They’re complementary - SSO lets users log in, SCIM manages user lifecycle.

Can I use SSO with smaller tools?

Many smaller SaaS tools support SSO through OAuth (login with Google/GitHub). Enterprise SAML SSO is less common in smaller tools but increasingly available.