What Is Single Sign-On? One Login for Many Apps
Single sign-on lets a user authenticate once with a central identity provider and then access many connected applications without logging in again.
Single sign-on, or SSO, centralizes authentication. Instead of a separate password for every tool, users log in once to an identity provider, which then vouches for them to each connected application. For engineering teams, SSO is how access to GitHub, cloud consoles, and CI/CD platforms is unified and controlled in one place.
How SSO works
A central identity provider (IdP) authenticates the user. When the user visits an application, the application redirects to the IdP, which confirms the user is already logged in and issues a signed assertion or token. The application trusts that assertion and grants access without a second password.
The protocols behind it
- SAML: XML-based assertions, common in enterprise web apps.
- OpenID Connect: a modern identity layer built on OAuth 2.0.
- These standards let the IdP and the application trust each other securely.
Why teams adopt SSO
SSO reduces password sprawl, centralizes offboarding (disable one account and access to everything is cut), and enables consistent policy like mandatory multi-factor authentication. For security teams it is a single, auditable control point.
SSO and CI/CD access
Access to your CI/CD platform, source host, and cloud accounts is often gated by SSO. This is human-facing access; it is distinct from how pipelines authenticate to services, which uses tokens and OIDC rather than interactive login.
Risks to understand
SSO concentrates risk: compromise of the IdP can expose everything behind it. That is why IdP accounts demand strong multi-factor authentication and why session lifetimes and re-authentication policies matter so much.
The Latchkey angle
Platform access for tools like Latchkey is typically governed through your source host and SSO. Pipeline authentication to runners and services, by contrast, uses scoped, short-lived credentials rather than interactive sign-on.
Key takeaways
- SSO lets users authenticate once and reach many applications via a central IdP.
- It commonly runs on SAML or OpenID Connect and simplifies access governance.
- It centralizes risk, so the identity provider must be strongly protected.