How SSO works
Single Sign-On lets users authenticate once with their identity provider (Microsoft Entra for a typical Australian Microsoft 365 tenant) and access every connected application — Microsoft 365 apps, SaaS apps integrated via SAML or OIDC, line-of-business apps via app proxy — without re-entering credentials. The protocols (SAML, OpenID Connect, OAuth) carry the assertion of identity and entitlement from Entra to the application.
Why SSO matters for security and Zero Trust
SSO is the foundational control for Zero Trust. With every authentication routed through Entra, Conditional Access can apply the same risk-based policy across every connected app: block sign-ins from non-compliant devices, require MFA on first sign-in, block legacy authentication protocols. Without SSO, every SaaS app has its own login and the security controls fragment. For Australian tenants, getting all sanctioned SaaS into the Enterprise Apps gallery is typically the highest-leverage 30-day security project after MFA is in place.
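
One way to track that project is to compare the sanctioned SaaS list with what the tenant actually federates. The script below is an added example, not part of the original page: the app names, the sanctioned list and the sample export are constructed, and it assumes a JSON export of Microsoft Graph servicePrincipals carrying displayName, accountEnabled and preferredSingleSignOnMode.

```python
import json

# Constructed sample: trimmed export of Microsoft Graph /servicePrincipals.
SERVICE_PRINCIPALS_JSON = """
{"value": [
  {"displayName": "Contoso CRM", "preferredSingleSignOnMode": "saml", "accountEnabled": true},
  {"displayName": "Fabrikam Wiki", "preferredSingleSignOnMode": "oidc", "accountEnabled": true},
  {"displayName": "Northwind Payroll", "preferredSingleSignOnMode": "password", "accountEnabled": true},
  {"displayName": "Tailspin Chat", "preferredSingleSignOnMode": null, "accountEnabled": true},
  {"displayName": "Litware Files", "preferredSingleSignOnMode": "saml", "accountEnabled": false}
]}
"""

# Hypothetical list of SaaS the organisation has sanctioned.
SANCTIONED = ["Contoso CRM", "Fabrikam Wiki", "Northwind Payroll",
              "Tailspin Chat", "Litware Files", "Adatum Design"]

# Modes where the app trusts an assertion or token issued by the IdP.
FEDERATED_MODES = {"saml", "oidc"}

def audit_sso_coverage(export_json, sanctioned):
    """Bucket each sanctioned app by how (or whether) it is wired to the IdP."""
    principals = {sp["displayName"].casefold(): sp
                  for sp in json.loads(export_json)["value"]}
    report = {"federated": [], "needs_review": [], "disabled": [], "missing": []}
    for name in sanctioned:
        sp = principals.get(name.casefold())
        if sp is None:
            report["missing"].append(name)        # no enterprise app exists
        elif not sp.get("accountEnabled", False):
            report["disabled"].append(name)       # sign-in to the app is off
        elif (sp.get("preferredSingleSignOnMode") or "").lower() in FEDERATED_MODES:
            report["federated"].append(name)
        else:
            # password vaulting, notSupported, or mode not set: check by hand
            report["needs_review"].append(name)
    return report

def coverage_percent(report):
    """Share of sanctioned apps with a federated SSO mode, as a whole percent."""
    total = sum(len(apps) for apps in report.values())
    return round(100 * len(report["federated"]) / total) if total else 0

if __name__ == "__main__":
    result = audit_sso_coverage(SERVICE_PRINCIPALS_JSON, SANCTIONED)
    for bucket, apps in result.items():
        print(f"{bucket:13} {', '.join(apps) or '-'}")
    print(f"federated coverage: {coverage_percent(result)}%")
```

Apps in needs_review include those with an unset mode, which can still be federated, so confirm them in the portal before counting them as gaps.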