SSO, or Single Sign-On, enables a user to authenticate to multiple applications with one set of credentials.

Why should I care?

A new team member joins. You grant her access to the web analytics platform. A few days later, she requires access to the customer support ticket system, so you create a new account for her there. Then she leaves the organization, and you have to go through every application to work out how to revoke her access.

Multiple compliance standards, from SOC 2 to HIPAA, require that an organization can establish who accessed a specific system on a platform, and when.

How does it work?

SSO is implemented by an identity provider, which centralizes all authorized users of an organization. The identity provider runs an MFA workflow and, on success, issues a session token, most commonly a JWT. That token is then presented to one or several applications to carry out business operations. It is each application's responsibility to verify the token's validity and the permissions associated with it, through an RBAC layer, before the request is allowed.
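As an added illustration of the application-side check described above (example code, not from the original page): a minimal HS256 JWT issuer standing in for the identity provider, and the verification plus RBAC lookup an application performs before allowing a request. The shared secret, issuer URL, audience name and role table are constructed for the demo; it also goes slightly beyond the text by checking expiry, issuer and audience, which a real token check must do as well.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values: a secret shared by IdP and app (HS256), and the
# issuer/audience the app expects. Real deployments usually use asymmetric keys.
SECRET = b"demo-shared-secret-not-for-production"
ISSUER = "https://idp.example"        # assumed identity provider
AUDIENCE = "ticket-system"            # assumed application identifier

# RBAC layer: which roles may perform which actions in this application.
ROLE_PERMISSIONS = {
    "support_agent": {"ticket:read", "ticket:reply"},
    "support_admin": {"ticket:read", "ticket:reply", "ticket:delete"},
}

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(claims: dict) -> str:
    """Stand-in for the identity provider: mint an HS256-signed JWT after MFA."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_token(token: str, now=None) -> dict:
    """Application side: check algorithm, signature, expiry, issuer and audience."""
    now = time.time() if now is None else now
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":            # pin the algorithm; never trust 'none'
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")       # payload was altered or not from our IdP
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise ValueError("wrong issuer or audience")  # token meant for another app
    return claims

def authorize(token: str, action: str, now=None) -> bool:
    """Allow the request only if the token verifies and one of its roles grants the action."""
    try:
        claims = verify_token(token, now)
    except ValueError:
        return False
    return any(action in ROLE_PERMISSIONS.get(r, set()) for r in claims.get("roles", []))
```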