!!! Overview
Single Sign-On ([SSO]) implies that once the [Entity] has been Identified, no further [Authentications] are required.


Typically, this is done through some form of [Identity Broker] application.

Many people confuse [Consistent Sign-On (CSO)|CSO] with [{$pagename}] and often what Organizations end up with is [Reduced Sign-On (RSO)|Reduced Sign-On].

There are several specific implementations of [{$pagename}]:
* [Native Single Sign-On]
* [WEB Single Sign-On]
* [Federated Identity] - is a [Digital Identity] that is part of a [Federation Models] implement [{$pagename}]
Many [Organizations|Organizational Entity] heterogeneous approach to [{$pagename}] implementing one or more through an [Identity Broker] type product.

Often, [{$pagename}] applications will implement a form of [Identity Brokering|Identity Broker] to allow [Cross-domain authentication] and/or [Cross-platform Authentication]

[{$pagename}] usually also involves a [Identity Federation].


[{$pagename}] may be provided as part of a [Cloud Access Security Broker]

!! [{$pagename}] and [User Provisioning]
Many [{$pagename}] target [applications] have an internal [User Store]. Thus, before an [End-User] can use [{$pagename}] to a target [application], the [Organizational Entity] must first add (or [provision|Provisioning]) the user to that [application].

[OpenID Connect Federation] often does not require [User Provisioning] (however the application may still require provisioning.)


!! [{$pagename}] and [Authorization]
Many [{$pagename}] implementations do not provide [Authorization] to the level that may be required.



!! [Single Sign-On Scenarios]
Some of the more common [Single Sign-On Scenarios].

!! [{$pagename}] [Security Considerations]
As [{$pagename}] has grown to often include all [Organizational Entity]'s [Applications] and perhaps even [Federated Applications|Federation] we now have all our eggs in one basket. Compromise of one [entity]'s [Password] might allow [access] to [HR] Applications or to [Financial] [Applications] where the [entity] could have Administration permissions.

Perhaps we need a [Graded Authentication]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]