Single Sign-On
SSO.
An authentication pattern where a user signs in once at an identity provider and that authentication grants access to multiple applications without re-authenticating at each.
Enterprise SSO is the most-asked-about CIAM feature in B2B SaaS sales conversations. The first $30–50k contract typically arrives with a security questionnaire requiring SAML or OIDC SSO, and the SaaS that has it ready closes the deal weeks faster than the SaaS that has to ship it as a project.
Common questions
What's the difference between SSO and federation?
SSO is the user-facing outcome: sign in once, reach many apps without re-authenticating. Federation is the mechanism underneath, where an identity provider vouches for a user to a service provider via a trust relationship and a protocol like SAML or OIDC. Federation is how cross-domain SSO is implemented.
Is social login considered SSO?
Loosely, yes. Logging in with Google or Apple lets one identity provider authenticate you to many apps, which is the SSO pattern. In enterprise contexts SSO usually means federation to a corporate IdP such as Okta or Entra via SAML or OIDC, whereas social login is consumer-grade SSO over OIDC.
Do I need both SAML and OIDC for enterprise SSO?
To cover the whole enterprise market, effectively yes. Some customers' identity providers only speak SAML, others prefer OIDC, and you cannot predict which a given buyer will require. A CIAM that supports both lets each customer connect with whatever their IdP supports.
In the guides
B2B SaaS Identity: Organizations, SSO, SCIM, and the Enterprise Sales Checklist
How to design B2B SaaS identity: Organizations, Enterprise SSO with SAML and OIDC, SCIM provisioning, audit logs, and the IT-admin features that close enterprise deals.
Enterprise SSO: SAML vs OIDC, and How to Pick
SAML and OIDC are the two protocols that dominate enterprise SSO. A practical comparison, when each is the right answer, and the IdP-side considerations that determine the choice.