You sign in once in the morning and suddenly your email, calendar, chat and a dozen other tools are all open — no more logins. That is single sign-on, or SSO. It is one of the most common authentication systems in workplaces, and increasingly online with "Sign in with Google" buttons. This guide explains what SSO is, how it works, and its honest limits.
The short answer
Single sign-on lets you log in once and access many connected apps without re-entering your password. You authenticate with one trusted service, and it confirms your identity to the other apps for you. One login, many services. It saves time and cuts down on the pile of passwords you would otherwise juggle.
How SSO works
Behind the convenience is a central identity provider — the service you actually log in to. When you sign in, it issues each app a secure token that says "this person is verified." The apps trust the token, so they never ask for your password and never see it. You experience one login; the apps quietly accept the proof in the background. The "Sign in with Google" button is SSO you have probably used already.
The real benefits
SSO is popular for good reasons. You handle far fewer passwords, which means fewer weak or reused ones. Logging in is faster, especially across many work tools. And because everything flows through one identity provider, security can be centralised — strong authentication and two-factor login enforced in one place instead of app by app. For companies, it also makes adding and removing access much simpler.
The honest limits
There is a catch, and it matters. SSO turns your main account into a single key: if someone breaks into it, every connected app is exposed at once. That makes protecting the SSO account critical — a strong, unique password and two-factor authentication are non-negotiable. SSO also does not cover everything; plenty of accounts you use have no SSO option at all, so it never fully replaces good password habits.
Secure the accounts SSO doesn't cover — BitwardenOpen-source, audited password manager for unique passwords on every account, including the many that have no single sign-on option→SSO vs a password manager
People sometimes treat these as rivals; they are partners. SSO gives you one identity for a set of connected apps. A password manager gives you a unique password for every account, including all the ones SSO does not reach. SSO reduces how often you log in; a password manager makes sure each remaining login is strong. Use SSO where it is offered, and a password manager for everything else.
The bottom line
Single sign-on lets you log in once and move freely between connected apps, with fewer passwords and centralised security. The trade-off is that the SSO account becomes a single point of failure, so it must be locked down hard. And because it never covers every account, it works best paired with a password manager — SSO for the connected apps, unique passwords for the rest.
★ Audit Cure53 2024 · ✓ Plan gratuit · Cross-platform
Lock down your accounts → NordPassStrong unique passwords · breach scanner · free tier→
