How Single Sign-On (SSO) Works: Architecture, Roles, and Flow Explained

Single Sign-On (SSO) is an authentication mechanism that lets users log in once to access multiple trusted applications, and this article breaks down its core components—Identity Provider, Service Providers, and business systems—along with a step‑by‑step flow illustrated with diagrams.

Mike Chen's Internet Architecture

What Is Single Sign-On (SSO)?

Single Sign-On (SSO) is an authentication mechanism that allows a user to log in once and then access multiple mutually trusted applications without re‑entering credentials for each.

Typical SSO Architecture

The typical SSO architecture involves three main roles:

Identity Provider (IdP): the central authentication server that manages user identities, validates login requests, and issues tokens.

Service Provider (SP): applications that rely on the IdP for authentication.

Business Systems: downstream subsystems (e.g., order system, payment system) that provide business functionality but delegate authentication to the SSO system.

Core Process Flow

The typical SSO flow proceeds as follows:

User accesses Business System A.

System A detects the user is not logged in and redirects to the SSO IdP.

User enters credentials at the IdP; upon successful authentication, the IdP issues a token (e.g., JWT, Ticket).

User returns to System A with the token; System A validates the token with the IdP and grants access.

Subsequent access to other trusted systems can reuse the same token, providing a seamless experience.
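
The flow above as a small in-process simulation, added here as an illustration and not taken from the original article. The class names, the HMAC-signed token format (a simplified stand-in for a JWT or ticket) and the sample systems are assumptions; the business systems call the IdP directly where a real deployment would make a back-channel network request.

```python
import base64, hashlib, hmac, json, secrets, time

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdP:
    """Toy identity provider: checks credentials, issues and validates tokens."""
    def __init__(self, trusted_systems, ttl=300):
        self._key = secrets.token_bytes(32)      # signing key never leaves the IdP
        self._trusted, self._ttl, self._users = sorted(trusted_systems), ttl, {}

    def add_user(self, user, password):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, _kdf(password, salt))

    def login(self, user, password, now=None):
        salt, digest = self._users.get(user, (b"\0" * 16, b""))
        if not hmac.compare_digest(digest, _kdf(password, salt)):
            return None                          # wrong credentials: no token issued
        claims = {"sub": user, "aud": self._trusted,
                  "exp": (now or time.time()) + self._ttl}
        body = base64.urlsafe_b64encode(json.dumps(claims).encode())
        return body.decode() + "." + hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def validate(self, token, system, now=None):
        """Back-channel check called by a business system; returns user or None."""
        body, _, mac = (token or "").partition(".")
        good = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac.encode(), good.encode()):
            return None                          # forged or tampered token
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["exp"] < (now or time.time()) or system not in claims["aud"]:
            return None                          # expired, or not a trusted system
        return claims["sub"]

class BusinessSystem:
    """Service provider: stores no passwords, asks the IdP about every token."""
    def __init__(self, name, idp):
        self.name, self.idp = name, idp

    def access(self, token=None, now=None):
        user = self.idp.validate(token, self.name, now)
        return f"200 {self.name}: welcome {user}" if user else "302 redirect to IdP login"

if __name__ == "__main__":
    idp = IdP(["system-a", "system-b"])          # constructed sample data
    idp.add_user("alice", "correct horse")
    token = idp.login("alice", "correct horse")
    print(BusinessSystem("system-a", idp).access(token))
```

A system outside the IdP's trusted list, an expired token, and a token with an altered signature all fall back to the redirect.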
