APIs & Authentication
What is SSO?
Single Sign-On, a session and user-authentication scheme that lets one login grant access to multiple independent applications.
Also known as: single sign-on
Single Sign-On consolidates "log in once, then access everything" by delegating authentication to a central identity provider. Instead of every app keeping its own password database, the user authenticates once with the IdP (Okta, Azure AD, Google Workspace) and downstream apps trust a signed token (SAML assertion or OIDC ID token) that names the user.
For users, SSO means fewer passwords and faster onboarding. For IT, it means a single revocation point: deactivate the IdP account and access to every connected SaaS tool stops within a session lifetime. For SaaS vendors, "SAML/OIDC SSO" is a checkbox feature that gates enterprise deals because procurement teams will not buy software they cannot revoke centrally.
SSO is sometimes confused with social login ("Sign in with Google"), which is technically the same protocol family (OIDC) but with public IdPs. Enterprise SSO is the same plumbing pointed at a corporate IdP, with provisioning, group-based access, and audit logs that a consumer flow does not need.
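The "downstream apps trust a signed token" step is where SSO security lives: the service provider must verify the token's signature and then check that the token was issued by its IdP, for this app, is still valid, and answers the login it started. The example below is added here and is not Brand.dev code; it models an OIDC ID token being accepted by one app with Python's standard library only. The issuer URL, client ID, signing key, and user claims are all constructed, and HMAC-SHA256 stands in for the asymmetric RS256/ES256 signature a real IdP publishes via JWKS. It also sketches the just-in-time provisioning mentioned later on the page.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed values. A real IdP signs with an asymmetric key (RS256/ES256)
# whose public half the app fetches from the IdP's JWKS endpoint; a shared
# HMAC key is used here only so the example runs offline.
IDP_SIGNING_KEY = b"constructed-idp-signing-key"
IDP_ISSUER = "https://idp.example.com"      # assumed issuer URL
APP_CLIENT_ID = "app-a"                     # assumed client_id of this service provider


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, key: bytes = IDP_SIGNING_KEY) -> str:
    """What the IdP side does after the user authenticates: sign the claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_id_token(token: str, expected_nonce: str, now: Optional[float] = None,
                      key: bytes = IDP_SIGNING_KEY) -> dict:
    """Checks a service provider must make before trusting an ID token.

    Raises ValueError on the first failed check; returns the claims otherwise.
    """
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    # Pin the algorithm: the app decides how to verify, not the token header.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("wrong issuer")
    # One IdP login serves many apps, so each app must insist the token names it;
    # a token minted for app B is valid at the IdP but not at app A.
    aud = claims.get("aud")
    if APP_CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this app")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    # The nonce ties the token to the login attempt this app started.
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if "sub" not in claims:
        raise ValueError("no subject")
    return claims


def provision_on_first_login(claims: dict, directory: dict) -> dict:
    """Just-in-time provisioning: create the local account the first time a subject arrives."""
    account = directory.get(claims["sub"])
    if account is None:
        account = {"email": claims.get("email"), "groups": list(claims.get("groups", []))}
        directory[claims["sub"]] = account
    return account


def demo(now: float = 1_700_000_000.0) -> dict:
    """Run several constructed tokens through validation and report each outcome."""
    good = {"iss": IDP_ISSUER, "sub": "user-123", "aud": APP_CLIENT_ID, "iat": now,
            "exp": now + 300, "nonce": "n-1", "email": "alice@example.com",
            "groups": ["engineering"]}
    cases = {
        "valid": mint_id_token(good),
        "other_app": mint_id_token({**good, "aud": "app-b"}),
        "expired": mint_id_token({**good, "exp": now - 1}),
        "wrong_key": mint_id_token(good, key=b"some-other-key"),
        "stale_nonce": mint_id_token({**good, "nonce": "n-0"}),
    }
    results = {}
    for name, tok in cases.items():
        try:
            claims = validate_id_token(tok, expected_nonce="n-1", now=now)
            results[name] = "accepted:" + claims["sub"]
        except ValueError as err:
            results[name] = "rejected:" + str(err)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} {outcome}")
```

The order of checks matters: signature first, so nothing in an unverified payload influences a decision, then issuer, audience, expiry, and nonce. The audience check is the one most specific to SSO, since the same IdP signs tokens for every connected app and only the `aud` claim says which one a given token is for.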
In the wild
- An employee logging into Slack, Notion, and Figma after one Okta authentication
- A B2B SaaS gating "SSO" behind an Enterprise plan so it can charge more
- A user provisioning script that creates accounts on demand the first time someone arrives via SAML
How Brand.dev uses SSO
Endpoints in the Brand.dev API where this concept comes up directly.
FAQ
SSO vs SAML vs OIDC?
SSO is the user-facing pattern; SAML and OIDC are the protocols that implement it. Most enterprise tooling supports both; consumer-facing logins almost always use OIDC.
Why is SSO an enterprise feature?
Provisioning, deprovisioning, audit, and integration cost. Vendors charge for it because the buyers are large IT teams and the alternative (per-user password management) does not scale.
What is the SSO tax?
The (often steep) markup vendors put on plans that include SSO. Movements like sso.tax catalog the worst offenders. The usual justification is that SSO buyers are more lucrative; the usual rebuttal is that SSO is table-stakes security.
Related terms
- Security Assertion Markup Language, an XML-based standard for exchanging authentication and authorization data between an identity provider and a service provider.
- A protocol that lets users grant a third-party app limited access to their data on another service, without sharing their password.
- A JSON Web Token, a compact, signed piece of JSON used to convey claims (who the user is, what they can do) between systems.
- A secret string that identifies and authenticates a client when calling an API, usually passed in a header on each request.