About Single Sign-On (SSO)

Single Sign-On (SSO) operates through a trust relationship between an Identity Provider (IDP) and one or more Service Providers (SP).

The IDP is the centralized authentication authority (such as Okta, Entra (previously Azure AD), or Google Workspace) that manages user credentials, authenticates users, and issues security tokens confirming their identity.

Service Providers, on the other hand, are the applications and services your users access (like CLOWD9, ReadMe, Salesforce, or Slack) — they trust the IDP to handle authentication and accept its tokens without requiring separate login credentials. When a user attempts to access a Service Provider, they're redirected to the IDP to authenticate once; the IDP then sends a signed assertion (via protocols like SAML 2.0, OAuth 2.0, or OpenID Connect) back to the SP, granting access without additional passwords. This architecture means the IDP holds and verifies credentials centrally, while Service Providers delegate authentication responsibility, creating the seamless "single sign-on" experience across multiple applications.