SSO (Single Sign-On)
SSO allows users to authenticate once to access multiple applications. It is a frequently required capability in enterprise security questionnaires.
Definition
Single Sign-On (SSO) is an authentication mechanism that allows users to log in once with a single set of credentials and gain access to multiple applications and services without re-authenticating. It typically relies on federation protocols such as SAML 2.0 or OpenID Connect (OIDC), the latter built as an identity layer on top of OAuth 2.0.
Context
SSO support is one of the most commonly required enterprise features in security questionnaires. Buyers ask whether vendors support SAML and OIDC federation, whether SSO is available on all plans or restricted to enterprise tiers, and whether the vendor enforces SSO as the only authentication method (mandatory SSO). Vendors that offer SSO on lower pricing tiers gain a competitive advantage in security reviews. SSO questions frequently appear alongside multi-factor authentication (MFA) and identity federation questions.
Why it matters
Single sign-on allows users to authenticate once and access multiple applications without re-entering credentials. Most enterprise SSO implementations use SAML 2.0 or OpenID Connect protocols, with an identity provider like Okta, Azure AD, or Google Workspace brokering authentication to downstream service providers. For security teams, SSO centralizes authentication policy enforcement — password complexity, session duration, and multi-factor authentication requirements apply uniformly rather than being configured per application.
A critical pitfall is assuming SSO eliminates all credential risk. SSO concentrates authentication into a single identity provider, making that provider a high-value target. If the IdP is compromised, every connected application is exposed. Organizations must enforce MFA at the IdP level, monitor for session hijacking, and maintain break-glass accounts for IdP outages. Additionally, not all SaaS vendors support SSO on every pricing tier, creating gaps where some applications fall outside centralized authentication.
SSO appears on virtually every security questionnaire because it directly impacts access governance. Customers want to know whether their users can authenticate via their own IdP, whether SCIM provisioning and deprovisioning are supported, and whether the application enforces SSO exclusively or allows password fallback. Vendors that support SSO with SCIM and just-in-time provisioning demonstrate mature access lifecycle management, which significantly reduces risk for enterprise buyers evaluating third-party tools.
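The mandatory-SSO, IdP-level MFA and break-glass points above, expressed as a service-provider login policy check. This is an added illustration, not code from any product; the org policy, the IdP identifier "idp-acme", the user names and the idp_healthy flag are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, FrozenSet, Tuple

@dataclass(frozen=True)
class OrgAuthPolicy:
    sso_required: bool               # mandatory SSO: password login is refused
    idp_id: str                      # the only IdP whose assertions are accepted
    break_glass_users: FrozenSet[str]  # local accounts usable only during an IdP outage
    session_ttl_seconds: int         # one session lifetime applied to every app

@dataclass(frozen=True)
class LoginAttempt:
    user: str
    method: str                      # "sso" or "password"
    idp_id: Optional[str] = None     # which IdP asserted the identity (sso only)
    idp_reported_mfa: bool = False   # e.g. OIDC "amr" claim or SAML AuthnContext shows MFA

def decide(policy: OrgAuthPolicy, attempt: LoginAttempt,
           idp_healthy: bool) -> Tuple[bool, str, int]:
    """Return (allowed, reason, session_ttl). idp_healthy is the SP's own
    view of IdP availability (constructed input here, a health probe in practice)."""
    if attempt.method == "sso":
        if attempt.idp_id != policy.idp_id:
            # an assertion from any other issuer must never be trusted
            return False, "assertion from unexpected IdP", 0
        if not attempt.idp_reported_mfa:
            # MFA is enforced at the IdP, so the SP verifies the IdP said it happened
            return False, "IdP did not report MFA", 0
        return True, "sso", policy.session_ttl_seconds
    if attempt.method == "password":
        if not policy.sso_required:
            return True, "password fallback permitted by policy", policy.session_ttl_seconds
        if attempt.user in policy.break_glass_users:
            if not idp_healthy:
                # break-glass use should be logged and alerted on by the caller
                return True, "break-glass during IdP outage", policy.session_ttl_seconds
            return False, "break-glass account usable only during IdP outage", 0
        return False, "mandatory SSO: password login disabled", 0
    return False, "unknown authentication method", 0

# constructed sample policy for a tenant that enforces SSO
ACME = OrgAuthPolicy(sso_required=True, idp_id="idp-acme",
                     break_glass_users=frozenset({"bg-admin"}),
                     session_ttl_seconds=3600)
```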