What is the difference between Federated Login and Single Sign On?

  • What is the difference between Federated Login and Single Sign On authentication methods?

  • Single Sign-on (SSO) allows users to access multiple services with a single login.

    The term is actually a little ambiguous. Sometimes it's used to mean that (1) the user only has to provide credentials a single time per session, and then gains access to multiple services without having to sign in again during that session. But sometimes it's used to mean (2) merely that the same credentials are used for multiple services; the user might have to log in multiple times, but it's always the same credentials. So beware, all SSOs are not the same in that regard. Many people (me included) only consider the first case to be "true" SSO.

    Federated Identity (FID) refers to where the user stores their credentials. Alternatively, FID can be viewed as a way to connect Identity Management systems together. In FID, a user's credentials are always stored with the "home" organization (the "identity provider"). When the user logs into a service, instead of providing credentials to the service provider, the service provider trusts the identity provider to validate the credentials. So the user never provides credentials directly to anybody but the identity provider.

    FID and SSO are different, but are very often used together. Most FID systems provide some kind of SSO. And many SSO systems are implemented under the hood as FID. But they don't have to be done that way; FID and SSO can be completely separate too.

    Thank you. This makes much more sense to me now (I think), but only after your interpretation, as the FID Wikipedia page was not resolving the difference for me. So, BrowserID is SSO and accessing Stack Overflow with a Google account is FID?

    Would it be fair to think of Google Services (Gmail, Drive, YouTube, etc.) as a canonical example of SSO, and a "Login with Facebook" button on some random website as a canonical example of FID?

    That's how I would interpret it. Google Login and Facebook Login are federated identity services that provide authentication without revealing your login information to the service that you are accessing.
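The distinction drawn in the answer above, as an added example that is not part of the original answer or comments: a toy identity provider that alone checks the password (federated identity) and, once a session exists, issues assertions for several services without prompting again (SSO in sense 1). The class names, the `wiki`/`mail` services, the sample user and the per-service HMAC keys are assumptions made for illustration; the HMAC key stands in for the identity provider's public-key signature that real federation protocols use.

```python
import base64, hashlib, hmac, json, time

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class IdentityProvider:
    """Hypothetical "home" organization: the only party that ever sees a password."""
    def __init__(self, users, sp_keys):
        self._users = users        # user -> (salt, password hash); constructed sample data
        self._sp_keys = sp_keys    # SP name -> key (assumption: stands in for a public-key signature)
        self._sessions = set()     # users who already authenticated in this session
    def login(self, user, password):
        salt, stored = self._users.get(user, (b"-", b""))
        ok = bool(stored) and hmac.compare_digest(pw_hash(password, salt), stored)
        if ok:
            self._sessions.add(user)
        return ok

    def issue_assertion(self, user, audience, ttl=300):
        if user not in self._sessions:
            raise PermissionError("user must authenticate at the identity provider first")
        body = json.dumps({"sub": user, "aud": audience, "exp": time.time() + ttl}).encode()
        sig = hmac.new(self._sp_keys[audience], body, hashlib.sha256).digest()
        return ".".join(base64.urlsafe_b64encode(p).decode() for p in (body, sig))

class ServiceProvider:
    """Hypothetical service: holds no credentials, only trusts signed IdP assertions."""
    def __init__(self, name, key):
        self.name, self._key = name, key
    def accept(self, assertion, now=None):
        try:
            body, sig = (base64.urlsafe_b64decode(p) for p in assertion.split("."))
        except ValueError:         # wrong number of parts or bad base64
            return None
        if not hmac.compare_digest(hmac.new(self._key, body, hashlib.sha256).digest(), sig):
            return None            # not signed by the IdP for this service, or tampered
        claims = json.loads(body)
        if claims["aud"] != self.name or claims["exp"] < (time.time() if now is None else now):
            return None            # issued for another service, or expired
        return claims["sub"]

def demo():
    keys = {"wiki": b"constructed-key-wiki", "mail": b"constructed-key-mail"}
    idp = IdentityProvider({"alice": (b"salt", pw_hash("correct horse", b"salt"))}, keys)
    wiki, mail = (ServiceProvider(n, k) for n, k in keys.items())
    idp.login("alice", "correct horse")              # credentials go to the IdP only, once
    for_wiki = idp.issue_assertion("alice", "wiki")
    for_mail = idp.issue_assertion("alice", "mail")  # SSO: second service, no new prompt
    return wiki.accept(for_wiki), mail.accept(for_mail), mail.accept(for_wiki)
```

The service providers never receive or store a password; the audience check is what stops an assertion issued for one service from being replayed at another.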

Licensed under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM