Single Sign-On Examples - Inspiration & Best Practices

Single Sign-On (SSO) allows users to access multiple applications with one set of credentials. This not only improves the user experience but also strengthens security through centralised identity management and the elimination of weak passwords. For organisations with dozens of applications, SSO is indispensable for ensuring both productivity and security. In these examples, we show how organisations have successfully implemented SSO using protocols such as SAML, OAuth 2.0, and OpenID Connect.

Enterprise SSO with Azure AD for a financial institution

A financial institution with 2,000 employees implemented SSO via Azure Active Directory using SAML 2.0. Employees log in once to their workstation and automatically gain access to over 40 internal and external applications. Multi-factor authentication is mandatory, and conditional access policies automatically block suspicious login attempts. The result is a dramatic reduction in helpdesk tickets for password resets.

• SAML 2.0 integration with Azure AD as identity provider
• Conditional access policies based on location, device, and risk score
• Mandatory MFA for all users with hardware tokens for administrators
• Automatic provisioning and deprovisioning via SCIM

SSO for a multi-tenant SaaS platform

A SaaS company built SSO support into their platform so enterprise customers can connect their own identity provider (IdP). Each customer configures their own SAML or OIDC connection, allowing their employees to seamlessly log in through their existing corporate account. This eliminated the need for separate passwords and significantly accelerated onboarding of new enterprise customers.

• Multi-IdP support per tenant for maximum flexibility
• Self-service SSO configuration for enterprise customers
• Support for both SAML 2.0 and OpenID Connect
• Just-in-time user provisioning on first SSO login

SSO for an educational institution with student portal

A university implemented SSO so students and lecturers can access the learning platform, email, library system, and scheduling with one account. The implementation uses OpenID Connect with the existing LDAP directory as the source. Students only need to log in once at the start of the day and switch effortlessly between all academic applications.

• OpenID Connect integration with existing LDAP directory
• Role-based access for students, lecturers, and administrators
• Session management with automatic timeout after inactivity
• Federated SSO with partner institutions via eduGAIN

Multi-brand SSO for a media company

A media company with five brands implemented a central SSO system allowing customers to log in to all brand websites and apps with one account. The technical implementation combines OAuth 2.0 with a custom identity service that shares profile data between brands with explicit user consent. Cross-brand personalisation provides relevant content recommendations regardless of which brand the user visits.

• OAuth 2.0-based central identity system for five brands
• Consent management for data sharing between brands
• Unified customer profile with privacy-compliant data sharing
• Cross-brand personalisation and content recommendations

Key takeaways

• SSO reduces password-related helpdesk tickets by an average of 50-70% and increases employee productivity.
• Multi-factor authentication combined with SSO offers the best balance between security and usability.
• Enterprise SaaS platforms need SSO support to attract and retain large customers.
• Automatic provisioning and deprovisioning via SCIM prevents orphaned accounts and security risks.

How MG Software can help

MG Software implements SSO solutions that seamlessly integrate with your existing identity providers and applications. Whether you need SAML, OAuth 2.0, or OpenID Connect — we configure secure and user-friendly authentication flows. Our experience with enterprise-grade security implementations guarantees a robust and scalable solution.