Single Sign-On
Category: technology
Difficulty: advanced
Read time: 5 min read
Updated: 2025-01-15
Definition
Short definition
Single sign-on (SSO) is an authentication method that allows users to access multiple applications with one set of login credentials.
Detailed explanation
Single sign-on (SSO) enables users to log in once and gain access to multiple connected systems without re-entering credentials. It centralises authentication through an identity provider (IdP) like Microsoft Entra ID, Okta, or Google Workspace.
For HR systems, SSO improves security by reducing password fatigue, enabling centralised access control, and simplifying user provisioning and deprovisioning. It also enhances user experience by eliminating multiple login prompts.
Common SSO protocols include SAML 2.0, OAuth 2.0, and OpenID Connect. Enterprise HR software typically supports one or more of these standards.
Practical guidance
How it works
Users authenticate with the identity provider (IdP). The IdP issues a token confirming identity. Connected applications trust the IdP and grant access based on the token. No passwords are shared between systems.
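The flow above seen from the connected application's side, as an added example that is not part of the original page. The issuer URL, audience name, key and function names are constructed for illustration, and an HMAC-signed token with a shared demo key stands in for the IdP's signature so the code needs only the standard library; real SAML or OpenID Connect deployments verify against the IdP's published public key using a maintained library.

```python
import base64, hashlib, hmac, json

# Constructed values for illustration only (assumptions, not from the page).
IDP_ISSUER = "https://idp.example.com"
APP_AUDIENCE = "hr-app"
IDP_KEY = b"constructed-demo-key"  # stand-in for the IdP's signing key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def idp_issue_token(user, audience, now, ttl=300, key=IDP_KEY):
    """IdP side: called only after the user has authenticated at the IdP."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iss": IDP_ISSUER, "sub": user, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def app_verify_token(token, now, key=IDP_KEY):
    """Application side: return the user id or raise ValueError. No password is seen."""
    try:
        header, body, sig = token.split(".")
        alg = json.loads(_unb64(header)).get("alg")
        claims = json.loads(_unb64(body))
        given = _unb64(sig)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(claims, dict):
        raise ValueError("malformed token")
    if alg != "HS256":  # pin the algorithm; never accept whatever the token names
        raise ValueError("unexpected algorithm")
    # The signature is checked before any claim is trusted.
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(given, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != APP_AUDIENCE:
        raise ValueError("token issued for another application")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims["sub"]
```

The audience and expiry checks are what stop a token issued for one connected application, or an old token, from being accepted by another.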
Best practices
Implement multi-factor authentication with SSO
Regular access reviews
Prompt deprovisioning on termination
Monitor for suspicious access patterns
Legal context
Legal basis
GDPR (security of processing), Cyber Essentials
Jurisdiction: Global
Key provisions
Appropriate authentication for sensitive data
Centralised access control
Audit logging of access
Prompt access revocation when required
Frequently asked questions
Is SSO more secure than separate logins?
Yes, when implemented correctly with MFA. SSO reduces password reuse, enables stronger central security policies, provides better audit trails, and allows instant access revocation. It also reduces phishing risk by eliminating multiple login pages.
What SSO protocols should HR software support?
SAML 2.0 is the enterprise standard. OAuth 2.0/OpenID Connect are modern alternatives. Your HR system should support the protocol(s) used by your identity provider (Microsoft Entra ID, Okta, Google, etc.).
Can small businesses use SSO?
Yes, cloud identity providers like Microsoft 365, Google Workspace, and Okta offer SSO at various price points. Many HR systems include SSO at no extra cost. The security and convenience benefits apply to businesses of all sizes.
Related glossary terms
Two-Factor Authentication
Two-factor authentication (2FA) is a security method requiring users to provide two different types of identification to access a system.
API Integration
API integration is the technical connection between different software systems that allows them to share data and functionality automatically.
HRIS
An HRIS (Human Resource Information System) is software that manages and automates HR processes including employee data, payroll, benefits, and reporting.
Data Protection
Data protection is the practice of safeguarding employee personal information from unauthorised access, use, disclosure, or loss.
