Single Sign-On (SSO)

Single Sign-On (SSO): one login for all your business apps

With LoginMaster, the European enterprise SSO solution, your users access every business application with one identity. Federation with Google Workspace and Microsoft Entra ID through SAML 2.0 and OpenID Connect, with built-in 2FA and a Tenant-Cloud architecture that keeps personal data in your tenant.

What is Single Sign-On

Single Sign-On (SSO) is the mechanism that lets a user authenticate once and access all connected applications without re-entering credentials. Instead of managing one password per service, identity is centralized in a single identity provider that issues access tokens the applications can verify.

For organizations, SSO means fewer passwords to remember, fewer helpdesk requests and a reduced attack surface. For IT it means centralized governance: provisioning, security policies and access revocation managed from a single control point. LoginMaster delivers these benefits while keeping the principle that personal data and credentials never leave your tenant.

One authentication

The user logs in once and reaches every authorized application. No more different passwords for each service, no friction throughout the working day.

Open standards

SSO based on OAuth 2.0, OpenID Connect and SAML 2.0: protocols supported by the vast majority of web and mobile applications, with no proprietary lock-in.

Centralized security

Session policies, mandatory MFA and immediate access revocation managed from a single control point, with data kept isolated in your tenant.

Why choose a European SSO provider

With LoginMaster's Tenant-Cloud architecture, your Single Sign-On runs on a fully European platform where personal data and credentials never leave your tenant—not even the provider can access them. This is the difference between a US-based SSO and a GDPR-, NIS2- and ISO 27001-compliant European SSO solution: compliance is built into the architecture, not added on top.

For finance, healthcare, public administration and energy organizations subject to EU data-residency requirements, this means you can centralize authentication without exporting identities outside your control.

SAML vs OIDC: which SSO protocol to choose

Not sure whether you need SAML or OpenID Connect? In short: choose OpenID Connect (OIDC) and OAuth 2.0 for modern web, mobile and API applications, thanks to lightweight JWT tokens and quick integration via SDK. Choose SAML 2.0 when you need to federate legacy enterprise identity providers such as Active Directory Federation Services (ADFS) or legacy applications that only support this standard.

With LoginMaster you don't have to give up either one: the same tenant configuration manages OIDC and SAML providers at the same time, so you can cover both your new and existing application estate from a single identity provider.

LoginMaster SSO in practice

Everything you need to federate business access and deliver a frictionless login experience while keeping control over security and privacy.

SSO with Google Workspace and Entra ID

Federation already available and fully integrated with Google Workspace and Microsoft Entra ID (formerly Azure AD). Your users sign in with the corporate credentials they already use every day, without managing separate passwords.

SAML 2.0 and OpenID Connect

OAuth 2.0 and OpenID Connect are the primary integration protocols; SAML 2.0 is supported for federation with legacy enterprise identity providers such as Active Directory Federation Services.

Federation and user mapping

LoginMaster handles federation toward the identity provider, user mapping and the issuance of application tokens, with user, tenant and affiliation claims contained in the JWT.

Built-in 2FA on access

Single Sign-On combines with 2FA configurable at the tenant policy level. Once a user has enabled the second factor, no administrator can disable it.

Automatic deprovisioning

When an employee's corporate account is disabled at the provider, access to services federated through LoginMaster ceases automatically. No manual revocation on every platform.

Providers enabled per tenant

Each tenant independently configures the enabled SSO providers, authorized email domains and session policies, with hybrid scenarios for internal employees, external partners and end customers.

How to enable SSO with LoginMaster

From the initial integration to the first federated login, the path to bring Single Sign-On into your applications.

  1. 1

    Connect your applications

    Integrate LoginMaster via TypeScript and .NET SDKs or REST API. Any application supporting OAuth 2.0 and OpenID Connect connects without significant architectural changes.

  2. 2

    Configure the identity provider

    Set up federation toward Google Workspace, Microsoft Entra ID or a SAML 2.0 IdP and define user mapping and authorized domains for your tenant.

  3. 3

    Define policies and 2FA

    Configure session duration, the requirement for a second factor for everyone or for specific roles, and the enabled SSO providers, according to your tenant's needs.

  4. 4

    Turn on single access

    Users sign in with their existing corporate credentials and reach all connected applications with a single login, while personal data stays in your tenant.

Bring Single Sign-On to your organization

Discover how LoginMaster federates access to your applications with Google Workspace, Microsoft Entra ID and SAML, keeping data in your tenant. Request a tailored demo.

Frequently asked questions about SSO

Single Sign-On is the mechanism that lets a user authenticate once and access all connected applications without re-entering credentials. Identity is centralized in an identity provider that issues tokens the applications can verify, reducing the number of passwords and the attack surface.

LoginMaster SSO is already integrated with Google Workspace and Microsoft Entra ID (formerly Azure AD) and supports federation with enterprise identity providers through SAML 2.0, plus OAuth 2.0 and OpenID Connect for modern applications.

OpenID Connect (OIDC) is an identity layer built on OAuth 2.0, designed for modern web and mobile applications and APIs. SAML 2.0 is a more established standard, still widespread for federation with legacy enterprise identity providers such as Active Directory Federation Services. LoginMaster supports both.

Yes. Single Sign-On combines with two-factor authentication configurable at the tenant policy level: mandatory for everyone, mandatory for specific roles or optional. Once a user has enabled the second factor, no administrator can disable it.

When the employee's corporate account is disabled at the provider (for example Microsoft Entra ID or Google Workspace), access to services federated through LoginMaster ceases automatically. There is no need to manually revoke access on every single platform.

Yes. Even with Single Sign-On, the Tenant-Cloud architecture ensures personal data never leaves your tenant and credentials are not accessible to third parties. The cloud operates only on encrypted and pseudonymized data, in full compliance with GDPR, NIS2 and ISO 27001.