Single Sign-On (SSO)
SSO is a system that allows users to authenticate once with an identity provider and then automatically access multiple applications without re-entering credentials. It centralizes authentication decisions while simplifying the user experience.
# WHAT TEAMS RUN INTO
- SSO becomes a single point of failure. One account compromise gets the attacker into all SSO-protected applications instantly: the user has one password, so the attacker needs only one compromise.
- Session management inconsistency creates security gaps. Some applications honor SSO session expiration, others ignore it, so a user who logs out of SSO can stay logged into some applications.
- SSO doesn't enforce consistent security policy. Different applications connected to the same SSO system can require different MFA policies, creating a lowest-common-denominator approach to authentication.
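The second and third points above are what an application can correct on its own side. As an added example (not code from the original entry), the following minimal service-provider session store binds each local session to the identity provider's session id, refuses to outlive the IdP session, drops every bound session on a logout notification, and enforces an MFA requirement locally instead of inheriting whatever the SSO system happened to demand. The claim names (`sub`, `sid`, `exp`, `amr`) follow OpenID Connect conventions; the in-memory store and sample tokens are constructed for illustration.

```python
# Added example: a service-provider session store that honours IdP session
# lifetime and logout, and applies its own MFA policy. Constructed for
# illustration; claim names follow OpenID Connect (sub, sid, exp, amr).
import time

REQUIRED_AMR = {"mfa"}       # local policy: accept only MFA-backed logins
MAX_LOCAL_TTL = 8 * 3600     # the app's own session ceiling, in seconds


class SsoSessionStore:
    def __init__(self):
        self.sessions = {}   # local session id -> record
        self.by_sid = {}     # IdP session id -> set of local session ids
        self._next = 0

    def login(self, claims, now=None):
        """Create a local session from validated IdP claims, or return None."""
        now = time.time() if now is None else now
        if not REQUIRED_AMR & set(claims.get("amr", [])):
            return None      # the IdP accepted a weaker factor; reject here
        if claims["exp"] <= now:
            return None      # IdP session already expired
        # Never let the local session outlive the IdP session, even when the
        # application's own TTL would allow a longer lifetime.
        expires = min(claims["exp"], now + MAX_LOCAL_TTL)
        self._next += 1
        local_id = f"app-{self._next}"
        self.sessions[local_id] = {"sub": claims["sub"],
                                   "sid": claims["sid"],
                                   "expires": expires}
        self.by_sid.setdefault(claims["sid"], set()).add(local_id)
        return local_id

    def is_valid(self, local_id, now=None):
        """True only while the local session exists and has not expired."""
        now = time.time() if now is None else now
        rec = self.sessions.get(local_id)
        return rec is not None and rec["expires"] > now

    def backchannel_logout(self, sid):
        """The IdP reported that SSO session `sid` ended: drop every local
        session bound to it, so logout at the IdP is logout here as well."""
        for local_id in self.by_sid.pop(sid, set()):
            self.sessions.pop(local_id, None)
```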
# WHY IT MATTERS
SSO is a UX win that comes with a security trade-off. It simplifies authentication but creates a choke point — if it fails, access fails everywhere. If it is compromised, compromise spreads everywhere. Organizations that implement SSO gain convenience at the cost of making identity the single most critical control point in their architecture. That concentration of power makes SSO itself the target.