Single Sign-On (SSO)

SSO removes the need for users to remember per-app passwords and lets the identity provider enforce centralized password and MFA policies. The two dominant protocols are SAML (older, enterprise-standard) and OpenID Connect (newer, REST-friendlier). SSO tends to be table stakes for any SaaS contract above $5K per year, and is required for SOC 2 Type II compliance at most enterprises.