SSO and Federation

Single Sign-On (SSO) lets a user authenticate once and then access many applications without logging in again.

It improves user experience and centralizes security control.

SSO relies on an Identity Provider (IdP) that authenticates users and vouches for them.

Applications, called Service Providers (SP) or relying parties, trust the IdP instead of handling passwords themselves.