Single Logout
The federation protocol mechanism that propagates a logout request from one application to the IdP and on to every other application sharing the SSO session — terminating all sessions in one user action.
SLO is the SSO feature most likely to be silently broken. Users click logout and the app destroys its local session, but other apps in the federation still hold valid sessions because the SLO callback failed silently or the relying party (RP) never implemented it. Compliance-driven deployments need SLO to work reliably; in practice, the right belt-and-suspenders approach is short session lifetimes plus reliable local logout, with SLO treated as best-effort.
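The failure mode and the mitigation described above, as an added example that is not from the original page: a small simulation in which one app's SLO callback is broken, the failure is recorded rather than swallowed, and a short absolute session lifetime bounds how long the orphaned session survives. The `App` class, the 15-minute `MAX_SESSION_AGE`, the app names, and the collapsing of the IdP fan-out into `single_logout` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

MAX_SESSION_AGE = 15 * 60  # assumed short absolute session lifetime, in seconds

@dataclass
class App:  # hypothetical relying party holding local sessions
    name: str
    slo_works: bool = True  # False models a broken or unimplemented SLO callback
    sessions: dict = field(default_factory=dict)  # sso_id -> login time

    def login(self, sso_id, now):
        self.sessions[sso_id] = now

    def local_logout(self, sso_id):
        self.sessions.pop(sso_id, None)  # idempotent, cannot fail on a missing session

    def slo_callback(self, sso_id):
        if not self.slo_works:
            raise ConnectionError(f"{self.name}: SLO callback failed")
        self.local_logout(sso_id)

    def is_active(self, sso_id, now):
        created = self.sessions.get(sso_id)
        if created is None:
            return False
        if now - created >= MAX_SESSION_AGE:  # lifetime cap bounds a missed SLO
            self.local_logout(sso_id)
            return False
        return True

def single_logout(initiator, others, sso_id):
    """Local logout first, then best-effort fan-out; return the apps SLO missed."""
    initiator.local_logout(sso_id)
    failed = []
    for app in others:
        try:
            app.slo_callback(sso_id)
        except ConnectionError:
            failed.append(app.name)  # record the failure instead of swallowing it
    return failed

def demo():
    apps = [App("crm"), App("wiki"), App("billing", slo_works=False)]  # constructed
    for app in apps:
        app.login("sso-1", now=0)
    failed = single_logout(apps[0], apps[1:], "sso-1")
    after_logout = [a.name for a in apps if a.is_active("sso-1", now=60)]
    after_expiry = [a.name for a in apps if a.is_active("sso-1", now=MAX_SESSION_AGE)]
    return failed, after_logout, after_expiry
```

The list returned by `single_logout` is what an operator would alert on: each entry is an app where a session outlived the user's logout until the lifetime cap removed it.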
Common questions
What's the difference between SLO and local logout?
Why is SLO often broken in B2B SaaS?
Does OIDC support single logout?
In the guides
OpenID Connect (OIDC) Explained: The Modern Identity Layer on OAuth 2.0
OIDC adds authentication and identity claims to OAuth 2.0. How discovery, ID tokens, and the standard scopes work, plus the pitfalls that bite implementers in production.
SAML 2.0 Explained: The Enterprise SSO Standard, 20 Years In
SAML 2.0 still dominates the enterprise SSO install base in 2026. How the protocol actually works: the bindings, profiles, the metadata exchange, and the security pitfalls that keep biting implementers.