> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/identity-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/identity-support/integration/integration-document/what-is-sso.md).

# What is SSO?

## Single Sign-On (SSO) Explained

**Single Sign-On (SSO)** is an authentication method that allows users to log in once and access multiple applications without having to log in again.

### Real-World Example

Think about your experience with Google services:

1. You log into **Gmail** with your Google account
2. You can then access **YouTube**, **Google Drive**, **Google Photos** without entering your password again
3. All these services recognize that you're already authenticated

This is SSO in action!

## What is an Identity Provider (IDP)?

An **Identity Provider (IDP)** is a system that:

* Manages user identities and credentials
* Provides authentication services
* Issues security tokens to applications
* Maintains user profile information

**Oten IDP** is our identity provider system that enables SSO for your applications.

## How SSO Works (Simple Version)

<figure><img src="/files/QbMGgYP57fU3oemb8tyH" alt=""><figcaption></figcaption></figure>

1. **User** tries to access any application
2. **Application** redirects to Oten IDP
3. **User** logs in once at the IDP
4. **IDP** confirms identity to all applications
5. **User** can access all applications without logging in again

## Key Concepts

### Authentication vs Authorization

* **Authentication**: "Who are you?" (Proving identity)
* **Authorization**: "What can you do?" (Permissions and access rights)

SSO primarily handles **authentication** - proving who you are.

### Federated Identity

SSO enables **federated identity**, where:

* One identity can be used across multiple systems
* Trust relationships exist between applications and the IDP
* User data is shared securely between trusted systems

## SSO vs Traditional Login

### Traditional Login (Without SSO)

```
App 1: Username + Password
App 2: Username + Password  
App 3: Username + Password
```

❌ Multiple passwords to remember\
❌ Multiple login processes\
❌ Security risks from password reuse

### With SSO

```
Oten IDP: Username + Password
↓
App 1: ✅ Automatically logged in
App 2: ✅ Automatically logged in
App 3: ✅ Automatically logged in
```

✅ One password to remember\
✅ Single login process\
✅ Enhanced security

## Common SSO Protocols

Oten IDP uses industry-standard protocols:

* **OAuth 2.0**: Authorization framework
* **OpenID Connect (OIDC)**: Identity layer on top of OAuth 2.0
* **SAML**: Security Assertion Markup Language (for enterprise - coming soon)

Don't worry about the technical details yet - we'll cover these in the developer sections!

***

**Next**: Learn about [Why Use SSO?](broken://pages/u0qRrpvlRrnvFgMjrzdc) to understand the benefits
