System Design

Single Sign-On Architecture

Logging in once and reaching many apps without re-entering credentials.

What SSO buys you

Single sign-on lets a user authenticate once and then access many applications without logging in again. Credentials live in one place, so password policy, multi-factor authentication, and revocation are managed centrally.

The flow

When a user visits an app without a valid session, the app redirects them to the central login service. After the user authenticates there, the login service issues a signed assertion or token and redirects back. The app trusts that proof and starts a local session.

Because the central service already remembers the user, visiting a second app skips the password step entirely.

What makes it work

  • A shared trust between each app and the central login service.
  • A protocol to carry the proof, such as a redirect with a signed token.
  • A central session at the login service so later apps recognize the user.
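The flow and the three ingredients above, as an added example that is not part of the original lesson: a login service issues a short-lived signed token from its central session, and each app checks signature, audience, and expiry before starting a local session. The key, app names, and function names are hypothetical, and one HMAC key stands in for the shared trust; real deployments typically use asymmetric signatures so apps hold only a verification key.

```python
import base64, hashlib, hmac, json

# Constructed demo values; all names below are hypothetical.
IDP_KEY = b"demo-signing-key"  # stand-in for the login service's signing key
APPS = {"wiki", "mail"}        # apps registered with the login service
CENTRAL_SESSIONS = {}          # central session id -> user


def _sign(body):
    return base64.urlsafe_b64encode(hmac.new(IDP_KEY, body, hashlib.sha256).digest())


def idp_login(user, password_ok):
    """Login service: authenticate once and create the central session."""
    if not password_ok:
        return None
    sid = "central-%d" % (len(CENTRAL_SESSIONS) + 1)
    CENTRAL_SESSIONS[sid] = user
    return sid


def idp_issue(sid, app, now, ttl=60):
    """Login service: issue a token for one app; no password step is needed."""
    user = CENTRAL_SESSIONS.get(sid)
    if user is None or app not in APPS:
        return None
    claims = {"sub": user, "aud": app, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()


def app_accept(app, token, now):
    """App: verify the proof; return the user to start a local session, else None."""
    try:
        body, sig = token.encode().split(b".")
        if not hmac.compare_digest(sig, _sign(body)):
            return None  # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None  # malformed token
    if claims.get("aud") != app or claims.get("exp", 0) <= now:
        return None  # issued for another app, or expired
    return claims.get("sub")
```

The audience check is what stops a token issued for one app from being replayed at another, and the short lifetime limits how long a leaked token stays useful.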

Tradeoffs

  • One login to manage, but the login service becomes critical infrastructure.
  • A breach of the central service can expose every connected app.

Key idea

Single sign-on centralizes login so a user authenticates once and apps trust a signed proof to start their own sessions.

Check yourself

1. What is the core benefit of single sign-on?

2. Why does visiting a second app skip the password step?

3. A risk of SSO architecture is that