Azure Fundamentals · Lesson

Single Sign-On and External Identities

Enable SSO for enterprise applications registered in Entra ID, and allow external partners or customers to sign in using their own identities via B2B or B2C.

What Is Single Sign-On?

Single Sign-On (SSO) allows a user to authenticate once and gain access to multiple applications without re-entering credentials for each one. Entra ID acts as the central identity provider (IdP): after the user signs in to the Microsoft identity platform, it issues tokens that grant access to any registered application the user is entitled to use. SSO improves security by reducing password fatigue and the proliferation of per-app credentials.

SSO Protocols: OIDC and SAML

Entra ID supports two primary SSO protocols. OpenID Connect (OIDC) is the modern standard built on OAuth 2.0, used by Microsoft's own apps and most new SaaS applications — it issues JSON Web Tokens (JWTs). SAML 2.0 is an older XML-based protocol still required by many legacy enterprise applications and is supported by thousands of pre-integrated apps in the Entra ID application gallery.
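An added example, not part of the original lesson or any Microsoft code: the checks an application makes on an OIDC ID token (a JWT) before it trusts the sign-in, namely algorithm, signature, issuer, audience and expiry. Assumptions: the RSA key is a constructed toy key, the GUIDs are placeholders, the helper names are hypothetical, and the hand-written RS256 check stands in for the vetted JWT library a real application would use.

```python
import base64, hashlib, hmac, json

# Constructed toy RSA key (two Mersenne primes) so the example runs offline.
# Assumption: real apps take 2048-bit keys from the tenant's JWKS document.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
ISSUER = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # placeholder GUIDs, constructed

def b64u(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pkcs1_encode(message):  # EMSA-PKCS1-v1_5 over SHA-256, the RS256 padding
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def make_token(claims, alg="RS256"):  # hypothetical issuer side, for samples only
    head = b64u(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    em = int.from_bytes(pkcs1_encode(f"{head}.{body}".encode()), "big")
    return f"{head}.{body}.{b64u(pow(em, D, N).to_bytes(K, 'big'))}"

def validate_id_token(token, issuer, audience, now):  # "ok" or first failed check
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(unb64u(head)), json.loads(unb64u(body))
        sig_int = int.from_bytes(unb64u(sig), "big")
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return "malformed"
    if header.get("alg") != "RS256":  # refuses "none" and HMAC algorithms
        return "alg"
    recovered = pow(sig_int, E, N).to_bytes(K, "big")
    if sig_int >= N or not hmac.compare_digest(recovered, pkcs1_encode(f"{head}.{body}".encode())):
        return "signature"
    for name, expected in (("iss", issuer), ("aud", audience)):
        if claims.get(name) != expected:
            return name
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return "exp"
    return "ok"

SAMPLE = make_token({"iss": ISSUER, "aud": CLIENT_ID, "exp": 2000, "sub": "constructed-user"})
```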
