SSO (single sign-on) means employees log in once — usually with their Microsoft or Google account — and automatically get access to all connected applications. One identity, one password, one place to manage access.

SSO in practice

The gain is in management and security at the same time. For employees the list of passwords disappears; for the organisation there is one central place where access is granted and revoked. That last point matters most: at offboarding you disable one account and with it every connected system at once — no forgotten accounts that turn out to still be active months later.

SSO works best in combination with MFA and conditional access: one strong front door instead of ten weak ones. Setting this up is a standard part of Microsoft 365 management.

Related terms

  • MFA — MFA (multi-factor authentication) is logging in with a second proof alongside your password — usually an approval or code in an app on your phone.
  • Conditional access — Conditional access is a security mechanism that assesses per login attempt whether it is allowed, blocked or asked for extra verification — based on who is logging in, from which device, from which location and with what risk.
  • OAuth — OAuth is the open standard that lets you give an application access to your data in another system, without sharing your password.
  • Tenant — A tenant is your own, isolated environment within a cloud service such as Microsoft 365 or Google Workspace: all the users, mailboxes, files, settings and security rules of your organisation together.

Further reading

Part of the RiverFlows glossary · Updated . Missing a term? Let us know.