Single Sign-On (SSO)
An authentication method that lets users access multiple applications with one set of login credentials via identity federation protocols like SAML or OpenID Connect.
Synonyms: saml, oidc, federated login, enterprise sso
SSO integration lets organizations control access to Work, Studio, Admin, and related governed workspaces without managing separate passwords for every product surface. A robust implementation supports Just-In-Time user provisioning, role mapping, optional SCIM lifecycle automation, enforced session policies, and audit logging of authentication events. Properly isolating tenant metadata while sharing infrastructure keeps multi-tenant shell access secure and operationally manageable.
Frequently asked questions
Why does SSO matter for shell-and-pack platforms?
It centralizes identity, enforces enterprise security policies (MFA, conditional access), and accelerates user provisioning across shells, packs, and governed workspaces.
SAML vs OIDC?
SAML is XML-based and common in older enterprise stacks; OIDC (built on OAuth2) is lighter and modern. Supporting both maximizes compatibility with customer IdPs.