# What is SSO?

## Single Sign-On (SSO) Explained

**Single Sign-On (SSO)** is an authentication method that allows users to log in once and access multiple applications without having to log in again.

### Real-World Example

Think about your experience with Google services:

1. You log into **Gmail** with your Google account
2. You can then access **YouTube**, **Google Drive**, **Google Photos** without entering your password again
3. All these services recognize that you're already authenticated

This is SSO in action!

## What is an Identity Provider (IDP)?

An **Identity Provider (IDP)** is a system that:

* Manages user identities and credentials
* Provides authentication services
* Issues security tokens to applications
* Maintains user profile information

**Oten IDP** is our identity provider system that enables SSO for your applications.

## How SSO Works (Simple Version)

<figure><img src="/files/QbMGgYP57fU3oemb8tyH" alt=""><figcaption></figcaption></figure>

1. **User** tries to access any application
2. **Application** redirects to Oten IDP
3. **User** logs in once at the IDP
4. **IDP** confirms identity to all applications
5. **User** can access all applications without logging in again

## Key Concepts

### Authentication vs Authorization

* **Authentication**: "Who are you?" (Proving identity)
* **Authorization**: "What can you do?" (Permissions and access rights)

SSO primarily handles **authentication** - proving who you are.

### Federated Identity

SSO enables **federated identity**, where:

* One identity can be used across multiple systems
* Trust relationships exist between applications and the IDP
* User data is shared securely between trusted systems

## SSO vs Traditional Login

### Traditional Login (Without SSO)

```
App 1: Username + Password
App 2: Username + Password  
App 3: Username + Password
```

❌ Multiple passwords to remember\
❌ Multiple login processes\
❌ Security risks from password reuse

### With SSO

```
Oten IDP: Username + Password
↓
App 1: ✅ Automatically logged in
App 2: ✅ Automatically logged in
App 3: ✅ Automatically logged in
```

✅ One password to remember\
✅ Single login process\
✅ Enhanced security

## Common SSO Protocols

Oten IDP uses industry-standard protocols:

* **OAuth 2.0**: Authorization framework
* **OpenID Connect (OIDC)**: Identity layer on top of OAuth 2.0
* **SAML**: Security Assertion Markup Language (for enterprise - coming soon)

Don't worry about the technical details yet - we'll cover these in the developer sections!

***

**Next**: Learn about [Why Use SSO?](broken://pages/u0qRrpvlRrnvFgMjrzdc) to understand the benefits


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://oten.gitbook.io/identity-support/integration/integration-document/what-is-sso.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.