SSO works based on a trust relationship between an application, known as the service provider, and an identity provider, such as Okta, Azure, or CyberArk. This trust relationship is often based on a certificate exchanged between the identity provider and the service provider. The identity provider signs the identity information it sends to the service provider, and the service provider checks that signature against the certificate, so it knows the information is coming from a trusted source. In SSO, this identity data takes the form of tokens that contain identifying information about the user, such as the user's email address or username.
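The sketch below is an added example, not code from this article or from any identity provider. It shows the service provider accepting a token only when its signature verifies against the key it was given when trust was set up. The function names, the `payload.signature` token layout, and the use of a bare Ed25519 public key in place of a full certificate are assumptions made for illustration; real deployments carry this in SAML assertions or OIDC ID tokens.

```javascript
// Added illustration, not vendor code. A raw public key stands in for the
// IdP certificate; the token layout here is hypothetical.
const crypto = require('node:crypto');

const b64 = (data) => Buffer.from(data).toString('base64');

// Identity provider side: sign the identity data with the IdP private key.
function issueToken(claims, idpPrivateKey) {
  const payload = Buffer.from(JSON.stringify(claims));
  const signature = crypto.sign(null, payload, idpPrivateKey);
  return `${b64(payload)}.${b64(signature)}`;
}

// Service provider side: accept claims only if the signature verifies
// against the key pinned when the trust relationship was configured.
function verifyToken(token, trustedIdpPublicKey) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return null;
  const payload = Buffer.from(parts[0], 'base64');
  const signature = Buffer.from(parts[1], 'base64');
  // Verify the exact bytes received before parsing them.
  if (!crypto.verify(null, payload, trustedIdpPublicKey, signature)) return null;
  try {
    return JSON.parse(payload.toString('utf8'));
  } catch {
    return null;
  }
}

// Constructed sample data: one trusted IdP and one unrelated key pair.
const idp = crypto.generateKeyPairSync('ed25519');
const stranger = crypto.generateKeyPairSync('ed25519');
const claims = { email: 'alice@example.com', username: 'alice' };

function demo() {
  const good = issueToken(claims, idp.privateKey);
  // Same signature, but the payload was swapped for another user.
  const forgedPayload = b64(JSON.stringify({ ...claims, email: 'admin@example.com' }));
  const tampered = `${forgedPayload}.${good.split('.')[1]}`;
  const untrusted = issueToken(claims, stranger.privateKey);
  return {
    good: verifyToken(good, idp.publicKey),
    tampered: verifyToken(tampered, idp.publicKey),
    untrusted: verifyToken(untrusted, idp.publicKey),
  };
}

console.log(demo());
```

Only the token signed by the trusted identity provider yields claims; the altered token and the token signed by an unknown key both return `null`.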
