SSO: one login for all your apps
With LoginMaster Single Sign-On your users access every business application with one identity. Federation with Google Workspace and Microsoft Entra ID through SAML 2.0 and OpenID Connect, with built-in 2FA and a Tenant-Cloud architecture that keeps personal data in your tenant.
What is Single Sign-On
Single Sign-On (SSO) is the mechanism that lets a user authenticate once and access all connected applications without re-entering credentials. Instead of managing one password per service, identity is centralized in a single identity provider that issues access tokens the applications can verify.
For organizations, SSO means fewer passwords to remember, fewer helpdesk requests and a reduced attack surface. For IT it means centralized governance: provisioning, security policies and access revocation managed from a single control point. LoginMaster delivers these benefits while keeping the principle that personal data and credentials never leave your tenant.
One authentication
The user logs in once and reaches every authorized application. No more different passwords for each service, no friction throughout the working day.
Open standards
SSO based on OAuth 2.0, OpenID Connect and SAML 2.0: protocols supported by the vast majority of web and mobile applications, with no proprietary lock-in.
Centralized security
Session policies, mandatory MFA and immediate access revocation managed from a single control point, with data kept isolated in your tenant.
LoginMaster SSO in practice
Everything you need to federate business access and deliver a frictionless login experience while keeping control over security and privacy.
SSO with Google Workspace and Entra ID
Federation already available and fully integrated with Google Workspace and Microsoft Entra ID (formerly Azure AD). Your users sign in with the corporate credentials they already use every day, without managing separate passwords.
SAML 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect are the primary integration protocols; SAML 2.0 is supported for federation with legacy enterprise identity providers such as Active Directory Federation Services.
Federation and user mapping
LoginMaster handles federation toward the identity provider, user mapping and the issuance of application tokens, with user, tenant and affiliation claims contained in the JWT.
Built-in 2FA on access
Single Sign-On combines with 2FA configurable at the tenant policy level. Once a user has enabled the second factor, no administrator can disable it.
Automatic deprovisioning
When an employee's corporate account is disabled at the provider, access to services federated through LoginMaster ceases automatically. No manual revocation on every platform.
Providers enabled per tenant
Each tenant independently configures the enabled SSO providers, authorized email domains and session policies, with hybrid scenarios for internal employees, external partners and end customers.
How to enable SSO with LoginMaster
From the initial integration to the first federated login, the path to bring Single Sign-On into your applications.
- 1
Connect your applications
Integrate LoginMaster via TypeScript and .NET SDKs or REST API. Any application supporting OAuth 2.0 and OpenID Connect connects without significant architectural changes.
- 2
Configure the identity provider
Set up federation toward Google Workspace, Microsoft Entra ID or a SAML 2.0 IdP and define user mapping and authorized domains for your tenant.
- 3
Define policies and 2FA
Configure session duration, the requirement for a second factor for everyone or for specific roles, and the enabled SSO providers, according to your tenant's needs.
- 4
Turn on single access
Users sign in with their existing corporate credentials and reach all connected applications with a single login, while personal data stays in your tenant.
Bring Single Sign-On to your organization
Discover how LoginMaster federates access to your applications with Google Workspace, Microsoft Entra ID and SAML, keeping data in your tenant. Request a tailored demo.
Frequently asked questions about SSO
Single Sign-On is the mechanism that lets a user authenticate once and access all connected applications without re-entering credentials. Identity is centralized in an identity provider that issues tokens the applications can verify, reducing the number of passwords and the attack surface.
LoginMaster SSO is already integrated with Google Workspace and Microsoft Entra ID (formerly Azure AD) and supports federation with enterprise identity providers through SAML 2.0, plus OAuth 2.0 and OpenID Connect for modern applications.
OpenID Connect (OIDC) is an identity layer built on OAuth 2.0, designed for modern web and mobile applications and APIs. SAML 2.0 is a more established standard, still widespread for federation with legacy enterprise identity providers such as Active Directory Federation Services. LoginMaster supports both.
Yes. Single Sign-On combines with two-factor authentication configurable at the tenant policy level: mandatory for everyone, mandatory for specific roles or optional. Once a user has enabled the second factor, no administrator can disable it.
When the employee's corporate account is disabled at the provider (for example Microsoft Entra ID or Google Workspace), access to services federated through LoginMaster ceases automatically. There is no need to manually revoke access on every single platform.
Yes. Even with Single Sign-On, the Tenant-Cloud architecture ensures personal data never leaves your tenant and credentials are not accessible to third parties. The cloud operates only on encrypted and pseudonymized data, in full compliance with GDPR, NIS2 and ISO 27001.