SSO — Explained with Examples

SSO (Single Sign-On) is an authentication method that allows users to log in once and access multiple applications without re-entering credentials.

SSO stands for Single Sign-On. It’s the technology behind “Log in with Google” buttons and enterprise portals where one company password gives access to email, CRM, HR systems, and more.

How SSO Works

SSO uses a central Identity Provider (IdP) that authenticates the user and issues tokens or assertions. Each application (Service Provider) trusts the IdP’s verification.

User → App A: "I want to log in"
App A → IdP: "Please authenticate this user"
IdP → User: "What's your password?"
User → IdP: "Here's my password"
IdP → App A: "User is authenticated (here's a token)"
User → App B: "I want to log in"
App B → IdP: "Is this user authenticated?"
IdP → App B: "Yes, here's a token (no password needed)"

Real-World Analogy

SSO is like a concert wristband. You show your ticket at the entrance (IdP) and get a wristband (token). Now you can enter any area — the main stage, food court, merch stand — without showing your ticket again. Each area checks the wristband (validates the token) but doesn’t need to see your ticket. At the end of the day, the wristband expires and you need a new ticket tomorrow.

SSO Protocols

Example: SSO Token Verification

const jwt = require('jsonwebtoken');

function ssoMiddleware(req, res, next) {
  const token = req.headers.authorization?.split(' ')[1];
  if (!token) return res.redirect('https://sso.example.com/login');

  try {
    // Verify token from Identity Provider
    const user = jwt.verify(token, process.env.IDP_PUBLIC_KEY);
    req.user = user; // { id: 1, email: 'alice@corp.com', roles: [...] }
    next();
  } catch (err) {
    res.redirect('https://sso.example.com/login');
  }
}

Related Terms

OAuth, OpenID Connect, SAML, LDAP, JWT