# Single Sign-On (SSO)*

# Acronyms, Abbreviations, and Initialisms

Short Form Full Form
FIM Federated Identity Management
RSO Reduced Sign-On
SCIM System for Cross-domain Identity Management
SPML Service Provisioning Markup Language
SSO Single Sign-On

# Glossary

Federated SSO is typically used for facilitating interorganizational and intersecurity domain access to resources leveraging federated identity management.

Not to be confused with SSO or federated SSO, RSO refers to not having to sign into each piece of data or store once authorization has been granted. It generally operates through some form of credential synchronization. RSO introduces security issues not experienced by SSO because the nature of SSO eliminates usernames and other sensitive data from traversing the network.

# Overview

SSO refers to a situation where the user signs in once, usually to an authentication server; then when the user wants to access the organization's resources, each resource will query the authentication server to determine if the user is logged in and properly authenticated; the authentication server then approves the request and the resource server grants the user access.

SSO ensures that a single user authentication process grants access to multiple systems or even organizations.

SSO is a subset of FIM, as it relates only to authentication and technical interoperability. It leverages federated trusts to implement a streamlined process of SSO in the cloud account provisioning process (using SPML or SCIM).

  • Authentication occurs a single time using SAML, OIDC, or WS-Federation.
  • Authorization occurs using SAML or OAuth.