Single Sign-On (SSO) reviews by real, verified users. Find unbiased ratings on user satisfaction, features, and price based on the most reviews available anywhere.
SSO, or single sign-on, software is an authentication tool that allows users to sign into multiple applications or databases with a single set of credentials. Federation is the linking of IT systems, organizations, and personal identities with credentials and repositories. SSO products serve to simplify identification processes and create an uninhibited feel when working to access applications, portals, and servers. The software is designed to provide users with access to multiple applications or datasets without requiring multiple logins.
The goal of SSO products is not only to improve ease of use while navigating across applications but also to minimize work for IT administrators and developers by centralizing access management. SSO products effectively join the desired applications and route logins through an SSO server. These products often include features such as dashboards for simplified navigation, application clouds, directory integration, and mobile applications for remote access.
There is some crossover between SSO software and solution types such as cloud identity and access management software, password management software, and user provisioning/governance software, but single sign-on products focus mainly on secure enterprise access to servers, applications, and databases rather than the management of data or passwords.
To qualify for inclusion in the SSO category, a product must:
Okta is the foundation for secure connections between people and technology. By harnessing the power of the cloud, Okta allows people to access applications on any device at any time, while still enforcing strong security policies. It integrates directly with an organization’s existing directories and identity systems, as well as 4,000+ applications. Because Okta runs on an integrated platform, organizations can implement the service quickly at large scale and low total cost. Thousands of cust
Citrix Workspace is a unified, secure, and intelligent digital workspace designed for improving the employee experience and empower people to work better anytime, anywhere without distractions. Citrix Workspace uniquely organizes, guides, and automates work, with customized interfaces and personalized workflows that enable employees to stay engaged in meaningful, innovative work that drives the business forward. Citrix Workspace securely delivers at every layer of the workspace technology stack,
Rippling makes it easy to manage your company's Payroll, Benefits, HR, and IT—all in one, modern platform. It brings all of your employee systems and data together, and helps automate your busy work. Take onboarding, for example. With Rippling, you can just click a button, and in 90 seconds set up a new hires’ payroll, health insurance, 401K, work computer, and third-party apps — like Slack, Zoom, and Office 365 — 100% online and paperlessly. And that's just one reason why Rippling is The #1 R
LastPass business solutions help teams & businesses take control of their identity management. LastPass provides simple control and unified visibility across every entry point to your business, with an intuitive access and multifactor authentication experience that works on everything from cloud and mobile apps to legacy on-premise tools. From single sign-on (SSO) and password management to adaptive multifactor authentication (MFA), LastPass Identity gives superior control to IT and friction
JumpCloud is an open directory platform for secure, frictionless access from any device to any resource, anywhere. JumpCloud’s mission is to Make Work Happen®, providing simple, secure access to corporate technology resources from any device, or any location. The JumpCloud Directory Platform gives IT, security operations, and DevOps a single, cloud-based solution to control and manage employee identities, their devices, and apply Zero Trust principles. JumpCloud has a global user base of more th
Duo Security's frictionless Trusted Access platform protects users, data and applications from malicious hackers and data breaches. Our mission is to protect your mission. Duo Security makes security painless, so you can focus on what's important. Our scalable, cloud-based Trusted Access platform addresses security threats before they become a problem. We do this by verifying the identity of your users and the health of their devices before they connect to the apps you want them to access.
OneLogin simpliﬁes identity management with secure, one-click access, for employees, customers and partners, through all device types, to all enterprise cloud and on-premises applications. OneLogin enables IT identity policy enforcement and instantly disables app access for employees who leave or change roles in real-time by removing them from Active Directory. Take control over application access, quickly on- and off-board team members, and provide end-users with easy access to all their appli
Millions of people and thousands of businesses depend on Keeper's password manager and encrypted vault to substantially reduce the risk of a data breach. Keeper is the world leader for securing passwords, documents and sensitive digital assets. With Keeper, your business can auto-generate high-strength passwords, protect sensitive files in an encrypted digital vault, securely share records with teams and seamlessly integrate with SSO, LDAP and 2FA. Start a 14-Day Free Trial now.
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world. For more information, visit https://au
Ping Identity (NYSE: PING) builds identity security for the global enterprise with an intelligent identity platform that offers comprehensive capabilities including single sign-on (SSO), multi-factor authentication (MFA), directory and more. Ping helps enterprises balance security and user experience for workforce, customer and partner identity types with a variety of cloud deployment options including identity-as-a-service (IDaaS), containerized software and more. Ping has solutions for both IT
Ensure users have convenient, secure access—from any device, anywhere—to the applications they need, whether in the cloud or on-premises. RSA SecurID Access is an enterprise-grade multi-factor authentication and access management solution that lets organizations consistently and centrally enforce dynamic risk-driven access policies aimed at providing continuous, seamless authentication. It protects all of your resources with a wide range of authentication methods, including push notification, bi
Azure Active Directory is a comprehensive identity and access management cloud solution that provides a robust set of capabilities to manage users and groups and help secure access to applications including Microsoft online services like Office 365 and a world of non-Microsoft SaaS applications.
SafeNet allows organizations to adapt their business and security needs to meet these challenges with authentication solutions that offer flexible service delivery which simplifies authentication implementation and management through automated processes.
Dashlane for businesses is a password management solution that is as easy to use as it is secure. Dashlane provides the ability to safely store login credentials, documents, and other private information with an industry-leading security architecture to mitigate the risk of data breaches and misuse. From single sign-on (SSO) authentication to automated provisioning, Dashlane gives IT the core features needed to secure the business without disruption to the work day. We’ve empowered over 15 mil
ForgeRock provides an identity platform to helps global brands, enterprises and government entities build secure, customer-facing relationships across any app, device or thing, user can use online identities to grow revenue, extend reach and launch new business models, and the company.
Salesforce Platform provides an out-of-the-box identity solution using open standards, including SAML, OpenID Connect, OAuth, and SCIM. Now IT can manage apps, users, and data sharing with simplicity and transparency.
Idaptive Services secures enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises. Idaptive helps protect against the leading point of attack used in data breaches ― compromised credentials — through it’s Next Gen Access, which uniquely unifies single single-on (SSO), adaptive multi-factor authentication (MFA), enterprise mobility management (EMM) and user behavior analytics (UBA) into an integrated solution. Idaptive Services incl
SecureAuth is an identity security company that enables the most secure and flexible authentication experience for employees, partners and customers. Delivered as a service and deployed across cloud, hybrid and on-premises environments, SecureAuth manages and protects access to applications, systems and data at scale, anywhere in the world. The company provides the tools to build identity security into new and existing applications and workflows without impacting user experience or engagement, r
AWS Single Sign-On (SSO) is a cloud SSO service that makes it easy to centrally manage SSO access to multiple AWS accounts and business applications. It enables users to sign in to a user portal with their existing corporate credentials and access all of their assigned accounts and applications from one place.
Imprivata OneSign offers a single sign-on (SSO) solution that enables care providers to spend less time with technology and more time with patients. By eliminating the need to repeatedly type usernames and passwords.
IBM Security Verify Access, formerly IBM Security Access Manager or ISAM, helps you simplify your users' access while more securely adopting web, mobile, IoT and cloud technologies. It can be deployed on-premises, in a virtual or hardware appliance or containerized with Docker. Verify Access helps you strike a balance between usability and security through the use of risk-based access, single sign-on, integrated access management control, identity federation and mobile multi-factor authenticatio
Symantec SiteMinder is designed to secure the modern enterprise through a unified access management platform that applies the appropriate authentication mechanism to positively identify users; provides single sign-on and identity federation for seamless access to any application; enforces granular security policies to stop unauthorized access to sensitive resources; and monitors and manages the entire user session to prevent session hijacking.
miniOrange is a cloud based platform which provides Single Sign-On (SSO), Two Factor Authentication (2FA), Fraud Prevention, Cloud/Network Security and Social Login. Our Single Sign On (SSO), Strong Authentication (2FA) and Fraud Prevention products weave together disparate protocols and processes in secure Software as a Service environment providing easy to deploy, scalable and flexible platform at minimal total cost of ownership. miniOrange SSO (Single Sign-on) provides easy and seamless acc
Password-related breaches are the leading cause of data loss. Protect your company data by ensuring that only authorized people are given secure access to sensitive applications and information, using Kaseya’s complete and integrated Identity and Access Management (IAM) solution. Combining the power of multi-factor authentication and the efficiency of single sign-on, AuthAnvil provides confidence in knowing that your most vulnerable data is secure 100% of the time.
Modernize your digital workforce with Avatier Identity Anywhere integrated Identity Access Governance featuring push notification workflow across all your favorite platforms, and a modern cross-platform SSO solution to connect to all your SAML, oAuth, OpenID, and webform apps. Discover unrivaled self-service IT experience enabling collaboration across the entire enterprise without compromising privacy and security. Avatier native mobile experience for iOS and Android includes real-time collabo
Single sign-on (SSO) software is a user authentication solution that helps companies secure access to business applications and assets. It does so while also providing end users with a convenient, easy-to-use portal that requires them to only sign in and authenticate once in order to access multiple corporate applications and resources.
SSO software works by sharing authentication sessions between a trusted identity provider, which manages digital identities, and applications. In practice, commonly an identity provider requires the user to log in and authenticate; the identity provider then shares this authentication session with other applications by passing digitally signed tokens for the receiving application to verify that it is coming from a trusted provider prior to granting the user with access to the application. If the user identity token is accepted, the user is automatically granted access to the application.
The main reasons companies use SSO software is to both improve security and enhance the end-user sign-on experience, whether that be internal employees, end customers, or corporate business partners. SSO software also centralizes user access management, thus reducing the security management burden on administrators. Using an SSO solution, IT administrators can reduce or eliminate common time-consuming tasks like password resets. SSO products contain features that benefit both end users and administrators. For end users, this includes an easy-to-use user portal, intuitive authentication, and often a mobile application. For administrators, these solutions often include an identity directory or directory integrations, multiple multi-factor authentication (MFA) methods, audit features, and prebuilt application integrations.
What Does SSO Stand For?
SSO most commonly stands for single sign-on. The acronym SSO is less frequently used to describe same sign-on, which is different from single sign-on; same sign-on does not rely on trusted tokens, but rather credential sharing. Rarely, the acronym SSO is used to describe single sign-out.
Other common acronyms people may encounter regarding SSO products include:
FIM: federated identity management, of which SSO is a part
IAM: identity and access management
IdP: identity provider
JWT: JSON Web Token, a protocol commonly used in business to consumer (B2C) SSO applications
LDAP: lightweight directory access protocol, an open protocol used for directory services authentication
MFA: multi-factor authentication
OIDC: OpenID Connect, an authentication protocol
OAuth: an open standard authentication protocol
SAML: Security Assertion Markup Language, an open standard used for SSO solutions
Business to employee (B2E)
Companies use B2E SSO solutions to securely manage their employees’ access to corporate accounts, provide an easy to use user experience, and reduce user need for IT administrators services.
Business to business (B2B)
Companies use B2B SSO solutions to enable their business partners and corporate customers to best utilize the company’s services, using the partner or corporate customer’s preferred identity providers.
Business to consumer (B2C) or customer identity and access management (CIAM)
In B2C or CIAM use cases, customers are able to sign into other accounts and connect them to the business’ app to provide an SSO experience. Most commonly, customers authenticate using social media identity providers like Facebook or Google enabling them access to connected accounts.
The following are some core features within SSO software that can help users and administrators.
User portal: User portals provide an intuitive, easy-to-use end-user interface.
Mobile app: Many SSO solutions offer a mobile app for end users to both authenticate and access the SSO solution from their mobile devices.
MFA methods: Most SSO providers offer multiple authentication methods to end users, from software or hardware token-based authentication, to mobile push, passwordless authentication, biometric authentication, or one-time passcodes (OTPs).
Adaptive or contextual access: Some SSO software offers advanced authentication tools, such as adaptive or contextual access. Using machine learning to understand a user’s contextual use of the SSO product, such as location, IP address, time, and other real-time factors to create a user baseline profile. This profile is then used to determine anomalous access activity to prevent access when risk is deemed too high.
Directory or integration: To assist with user provisioning and management, SSO software either integrates with common directories, such as Microsoft Active Directory, LDAP-based directories, or Google Cloud Directory or they offer their own cloud directories built into the SSO software.
Prebuilt integration application catalog: SSO solutions commonly provide prebuilt integrations to commonly used SaaS applications, which are available on an application catalog.
Role management: SSO solutions assist administrators with user provisioning and assigning permissions based on user role for access control.
Audit features: Audit features provide administrators audit logs to monitor user access.
Increases security: The main benefit of using an SSO solution is for securing user access to company applications and other resources through user authentication.
Reduces password authentication risk: Since users must only sign in and authenticate once to access multiple applications, SSO solutions reduce the risks associated with poor password management and using only a single factor for authentication.
Saves users time and frustration: SSO solutions reduce the number of logins end users such as employees or customers must remember and SSO solutions reduce user frustration when switching between multiple applications once authenticated.
Saves administrators time and money: Users are able to access their accounts in one centralized location, reducing the number of calls to administrators for password resets, saving time and therefore money on labor costs.
Seamless experience across assets: SSO solutions reduce login friction for end users once authenticated and give them access to multiple accounts.
Centralizes consumer profiles: SSO software consolidates end-user experiences in one tool to provide a centralized view of end-user or customer data.
Systems administrators: Systems administrators are responsible for deploying and managing a company’s SSO solutions.
Employees: Employees are end users of SSO software in a B2E use case to sign on and authenticate with the user portal to access their corporate accounts.
Customers: Customers are end users of SSO software in a B2C use case and sign in and authenticate using an identity provider, often a social media account, to access a business’ applications.
Business contacts: Companies may use SSO software to enable their business partners and corporate customers to securely authenticate and access the company’s assets, often with multiple identity providers.
Related solutions that can be used together with SSO software include:
Identity and access management (IAM) software: For employee use cases, IAM software offers broader identity solutions, of which SSO is often a part. IAM software authenticates users, provides access to systems and data based on company policies, tracks user activity, and provides reporting tools to ensure employees are in compliance with company policies and regulations.
Customer identity and access management (CIAM) software: For customer use cases, CIAM software provides robust identity functionality. CIAM software enables businesses to centralize and manage customer identities, preferences, and profile information at scale, while offering customers self-registration options.
Password manager software: Password managers are secure repositories that store individual user passwords, much like a vault. SSO software is different from password managers because SSO software provides authentication prior to granting a trusted token, not an actual password, for access to an application.
SaaS operations management software: SaaS operations management software tools enable businesses to manage, govern, and secure their SaaS product portfolios; many of these tools integrate with SSO solutions to manage user permissions.
SaaS spend management software: This software enables companies to manage SaaS utilization to identify cost savings. Many of these tools integrate with SSO solutions to manage end-user utilization of SaaS subscriptions.
Software solutions can come with their own set of challenges. Issues to consider include:
Legacy applications: SSO tools may not integrate with legacy applications; a solution to overcome this may include password vaulting tools within the SSO software to provide the end user with ease of use, despite not technically functioning as SSO regarding authentication.
High availability: It is important that the SSO provider has high availability to avoid users being locked out of their systems; with applications managed centrally with an SSO solution, any downtime can prevent end users from accessing their applications and resources. If a company has mission-critical applications that must be available 24/7, many companies will not integrate these tools with SSO providers and instead log in and authenticate separately.
All companies can benefit from securing their login process to corporate assets.
Companies securing employees: Companies of all sizes that want to secure their employees’ access to corporate applications use SSO software.
Companies securing customers: Companies that want to enable their customers to provide self service to securely authenticate and login to applications use SSO software.
Companies securing partners: Companies that want to secure their partners and contractors access to corporate applications use SSO software.
Prior to selecting an SSO software service provider or solution, buyers must consider what factors are important to the company, which may include:
End-user use case: Buyers must determine who their end users are—whether employees, customers, or business partners—to determine what kind of SSO solution works best for these constituencies.
Cloud vs. on-premises application support: The buyer should determine what applications and company resources will be connected to the SSO software. For applications that need high availability (24/7), they may not wish to connect those in case of downtime with the SSO provider. Many SSO providers offer prebuilt integrations with the most popular business software. If the business has applications that are custom built, legacy, or on premises, those may need integrations built to connect with the SSO. Another workaround would be to use a password vault within an SSO solution for legacy applications that are difficult to connect.
Federation protocols: If the organization needs to integrate with multiple identity providers outside of the organization, especially for authenticating business partners, FIM can achieve this. Federation protocols include SAML 1.1, SAML2, WS-Federation, OAuth2, OpenID Connect, WS-Trust, and other protocols.
Authentication type: The company should ensure that the authentication types it’s employees, customers, or partners will use are supported by the SSO solution of choice. This may include software or hardware-token based authentication for employees and OTPs via email, SMS, or phone for customers, among many other authentication methods. Many SSO solutions now offer contextual or risk-based authentication measures to learn user behaviors, identify patterns, and thus provide risk-based assessments when the authentication process does not meet typical patterns.
Mobile app: If end users will access corporate applications from mobile devices, ensure the SSO software provider’s mobile app meets particular business needs.
Developer support: Buyers must ensure the SSO provider has the developer support the team requires, including software development kits (SDKs) and application programming interface (API) lifecycle management functions, particularly for B2C SSO use cases.
Meets security standards: SSO is a security tool providing users with authenticated access to their company resources. It is important that the SSO service provider meet security standards that are important to the company, which may include ISO 27017, ISO 27018, ISO 27001, SOC 2 Type 2, and others.
Create a long list
Buyers should create a long list of software solutions by researching on g2.com, by reading real-user reviews, seeing how vendors compare on G2 Grid® reports, and saving the software selections to “My List” to reference them in the future. Using g2.com, users can learn about which solutions are most often used in the geographic market and which ones are best for every business segment size—whether that is for small, medium, and enterprise businesses.
Create a short list
After creating a long list of vendors, buyers must do further research to narrow down the selections. Using g2.com’s compare feature, they can stack specific software up side by side to learn about how real users of the software rate their functionality. G2 also has quarterly reports showcasing users’ perception of return on investment (in months), the software provider’s average implementation time in months, usability scores, and many other factors.
Up next is time to demo the products. Many vendors enable buyers to contact them directly from g2’s website by clicking the “Get a quote” button on their product profile. Buyers must prepare for each demo by having a standard list of questions and clarifications to ask each vendor.
Choose a selection team
Single sign-on software impacts users across the business—from employees, customers, business partners, IT teams, infosec teams, and more. The company’s software selection team should include people representative of these groups. They must start with three to five people to join the selection committee and clearly define project roles.
It is important to know how many licenses are needed, as pricing often depends on the number of licenses the buyer purchases and the length of time they purchase it for. Often buyers can get discounts if they purchase large blocks of licenses for a longer duration. They must be sure to negotiate not just on price, but also implementation. Companies may be able to get free or reduced implementation services or ongoing support, as well.
Before making a final choice, buyers should check if they can get a trial run of the product to test adoption with a small sample size of users. If the tool is well used and well received, the buyer can be confident that the selection was correct.