Insights
October 2, 2025

What is single sign-on?

With SSO, users log on once — and get access to all applications they're authorized to use.

Single sign-on simply explained

In modern organizations, the number of applications is increasing rapidly: collaboration tools, HR systems, customer access, supplier portals. Without a central login, this quickly leads to password chaos, security risks and a heavy burden on IT.

Single sign-on (SSO) solves exactly this challenge:
With SSO, users log in once — and receive access to all applications for which they are eligible.

Today, SSO is a central component of modern IT security.

What does SSO mean? — The simple definition

Single sign-on (SSO) is an authentication method in which a user signs in a single time and then automatically receives access to multiple connected apps — without further logins.

That means:

  • One login, many applications
  • central authentication
  • uniform security standards
  • fewer passwords, fewer risks

An everyday comparison:
Like a central master key that can open various doors — but only for people with the appropriate authorizations.

How does SSO work technically?

Even though SSO seems simple in everyday life, there is a clearly structured technical process behind it.

1. Authentication vs. authorization

  • Authentication: Who are you?
  • Authorization: What are you allowed to do?

SSO solves authentication, i.e. the secure verification of identity.

The rights a person then receives in the connected applications, on the other hand, are controlled via roles, groups and policies in identity and access management (IAM).

2. SSO explained in 5 steps

  1. User logs on to the central identity provider (IdP) once
  2. The IdP checks the identity and, if applicable, multi-factor authentication
  3. If the login is successful, the IdP creates a token
  4. When an application is accessed, the token is verified
  5. The application grants access as long as the token is valid

The token is a secure “proof of access” that can be used multiple times — without re-entering a password.
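
Steps 3 to 5 above as an added sketch (not code from this article or from any product): an IdP issues a signed, time-limited token and an application verifies it before granting access. The key, issuer URL, application names and the shared-key HS256 signature are assumptions made for the sketch; IdPs in production typically sign with an asymmetric key so that applications hold only the public half.

```python
import base64, hashlib, hmac, json

# Constructed values for this sketch. A shared HMAC key keeps it stdlib-only;
# real deployments usually use asymmetric signatures (e.g. RS256).
IDP_KEY = b"constructed-demo-key-not-for-production"
ISSUER = "https://idp.example.test"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user: str, audience: str, now: float, ttl: int = 300) -> str:
    """Step 3: after a successful login the IdP creates a signed token."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": ISSUER, "sub": user, "aud": audience,
              "iat": int(now), "exp": int(now) + ttl}
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(IDP_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64e(sig)}"

def verify_token(token: str, audience: str, now: float) -> dict:
    """Steps 4-5: the application verifies the token before granting access."""
    try:
        header, body, sig = token.split(".")
        alg = json.loads(b64d(header)).get("alg")
        claims = json.loads(b64d(body))
        given = b64d(sig)
    except (ValueError, AttributeError) as exc:
        raise PermissionError("malformed token") from exc
    if alg != "HS256":                      # pin the algorithm, never trust the header
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(IDP_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):   # constant-time comparison
        raise PermissionError("bad signature")
    if claims.get("iss") != ISSUER:
        raise PermissionError("wrong issuer")
    if claims.get("aud") != audience:       # token was minted for another application
        raise PermissionError("wrong audience")
    if now >= claims.get("exp", 0):         # step 5: access only while the token is valid
        raise PermissionError("token expired")
    return claims
```

The audience and expiry checks are what keep "one login, many applications" from becoming "one stolen token, every application, forever".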

3. These protocols enable modern SSO

Modern systems use open standards such as:

  • OpenID Connect (OIDC)
  • SAML 2.0
  • OAuth2

These protocols enable secure, interoperable authentication between platforms, clients, applications, and systems — whether cloud-based, on-premise, or hybrid.

What are the benefits of single sign-on?

SSO has benefits for security, IT departments, users, and compliance alike.

1. Increased security

  • Centralized control and enforcement of strong password policies
  • Consistent use of MFA (including Windows login, out-of-band, passkeys, etc.)
  • Smaller attack surface due to fewer password entries
  • Reduced phishing risks
  • Unified session and risk analysis

2. Greater convenience & better user experience

  • From a user's perspective: Just one login instead of 10+ different login screens
  • Fewer password resets
  • Uniform look & feel in the company's corporate identity (CI)

3. IT relief & cost savings

  • Significantly fewer tickets (password forgotten, login problems)
  • Less administrative effort due to central user administration
  • Easy integration of new tools
  • Less shadow IT

4. Strong compliance & auditability

Crucial, especially for public authorities and regulated industries:

  • Central Logging & Audit Logs
  • Clear traceability of access rights
  • Support for GDPR, for example
  • Risk and Role Model Transparency
  • Consistent security policies

What types of SSO are there?

Not all SSO is the same — there are different requirements depending on the use case.

1. Workforce SSO (B2E)

For Employees in Companies or Public Authorities.

2. Customer SSO (B2C/CIAM)

For End Customers or Citizens

3. Partner SSO (B2B)

For Suppliers, Service Providers, External Partners

4. Federated SSO

Organizations trust each other (e.g. SAML Federation between Companies).

Password manager vs. SSO: What's the difference?

A password manager stores passwords securely and fills them in automatically when required — but the actual login still takes place separately in every application. Single sign-on works fundamentally differently: here, users log on only once to the central identity provider, which verifies their identity and issues a secure token. All connected applications trust this token and therefore no longer require their own password. While password managers only make it easier to handle passwords, SSO creates uniform, verifiable and significantly more secure authentication across all systems.

When do companies need an SSO system?

An SSO system becomes particularly important when:

  • multiple applications are used
  • many remote employees or mobile devices are in use
  • multiple identity sources come together (AD, HR systems, external partners)
  • NIS2/BSI compliance is relevant or there is GDPR pressure
  • there is a high number of users
  • internal IT is heavily loaded with password resets or login problems
  • growth or scaling is planned
  • sensitive data is processed (e.g. KRITIS, public authorities, financial or healthcare sector)

Modern SSO systems: What should companies pay attention to?

SSO is a security-critical part of the IT infrastructure. For a solution to be sustainable in the long term, it should meet the following requirements:

  • Open standards (OIDC, SAML2, OAuth2):
    For maximum compatibility and easy integration of new applications.
  • Flexible deployment (cloud, hybrid, on-premise):
    SSO must fit seamlessly into existing IT landscapes — regardless of the operating model.
  • Built-in strong MFA:
    Modern methods such as passkeys, social logins or hardware tokens should be supported natively.
  • Automated Provisioning (SCIM):
    For consistent user and role management across systems.
  • Digital Sovereignty:
    Particularly relevant as SSO centralizes highly sensitive identity and access processes.
  • Transparent audit and compliance features:
    Complete logging, event forwarding, and policy review are essential for audit and security.
  • Scalability & resilience:
    The system must be able to handle peak loads and be highly available — even with large numbers of users.
  • Intuitive admin interface:
    Complex role, group and policy models must be manageable efficiently without requiring specialized knowledge.
  • No vendor lock-in & verifiable security:
    Open standards, verifiable architecture and transparency make the solution more future-proof.

Conclusion: SSO is the key to secure, modern and efficient IT

Single sign-on reduces risks, simplifies IT, improves user experiences and creates the basis for modern, scalable strategies. In combination with strong MFA procedures, ILM processes and clear governance, SSO becomes a central component of IT security.