There has been a lot of controversy about these two terms, and some people even treat them as one and the same. The concepts they stand for can be confusing to anyone who has not yet learned to tell them apart, and the many authentication products on the market add to the confusion, especially because most of them implement both. It is therefore worth knowing what each term means and where the differences lie before you find yourself in the same boat as everyone else.

Single Sign-On

Single Sign-On (SSO) is a session and user authentication service that lets a user present only one set of login credentials, such as a username and password, to access several applications. The service authenticates the user once and then grants access to all the applications that user has rights to use.

It also suppresses further login prompts while the user already has an active session with an application, and it can log the user's activity as it monitors the account. In a typical SSO web service, an agent module on the application server retrieves the authentication credentials for that individual user from the SSO policy server, and the user is then authenticated against a user repository directory such as the Lightweight Directory Access Protocol (LDAP).

Some SSO services also use the Kerberos protocol or the Security Assertion Markup Language (SAML). SAML is an XML standard for exchanging authentication and authorization data securely across security domains. It covers the communication between the identity provider and the user, as well as between the service provider and the user directory.

Convenient as Single Sign-On is for its users, it has security drawbacks for the enterprise. A skilled attacker who gains control of a user's SSO credentials gains everything those credentials grant, which increases the risk and the potential damage. To limit this, every aspect of an SSO implementation should be integrated with identity governance, and an organization would be wise to use two-factor authentication (2FA) or multi-factor authentication (MFA) to strengthen security further.


SSO benefits the user by simplifying access and eases the support load on the company. It is set up in one of two main ways: SSO managed by agents inside the protected applications, or SSO managed upstream by a reverse web proxy that controls the authentication data.

Federated Identity

Federated identity is the means of linking a user's electronic identity and attributes that are stored across many different identity management systems. It involves agreed guidelines for managing the user's identity and describes standards that allow that identity to be portable across several security domains.

Even though, as the end user, you would otherwise have to present your credentials to each participating resource, a federated identity system is, in simple terms, based on a single credential store, though it may also use other implementation methods such as password synchronization.

A federated identity system has its advantages too. It reduces overhead cost by eliminating one-off integration work that does not scale. It also reduces risk by letting the organization establish a user's identity and authenticate that user once, and the result can be reused across many systems, such as external partner websites.

Federated identity can also improve privacy compliance by giving the user control over which information is shared. It can significantly improve the end-user experience by removing the need to register a new account. The model is still evolving and may involve user-to-user, user-to-application or application-to-application relationships, and it covers both high-trust, high-security cases and low-trust, low-security cases.

The different assurance levels in such a system may need to be standardized through an open, common identity assurance framework. What remains consistent, though, is that the term federation simply describes various methods of identity portability that are arrived at in an open manner.

Federated identity can therefore be achieved in several ways, and these form the basis of its technology. They include specifications such as the Security Assertion Markup Language (SAML), OpenID, Information Cards and many others.
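To make the identity-provider and service-provider exchange described in the SSO and federated identity sections concrete, here is an added Python example (not code from the original article): one identity provider issues a signed assertion that service providers in different domains accept. The HMAC shared secret, the JSON claim names and the hostnames are assumptions standing in for the XML signature and metadata of a real SAML or OpenID deployment; the service-provider side checks issuer, audience, validity window and replay before opening a local session.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed example: the IdP and its SPs share this key (assumption standing in
# for the IdP's signing key and the SPs' copy of its metadata/certificate).
IDP_ISSUER = "https://idp.example.org"
SHARED_KEY = b"constructed-shared-secret"


def issue_assertion(subject, audience, ttl=300, now=None):
    """IdP side: build and sign an assertion intended for one service provider."""
    now = time.time() if now is None else now
    claims = {"iss": IDP_ISSUER, "sub": subject, "aud": audience,
              "iat": now, "exp": now + ttl, "jti": str(uuid.uuid4())}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


class ServiceProvider:
    """SP side: accepts assertions only from the trusted IdP, then opens a session."""

    def __init__(self, entity_id):
        self.entity_id = entity_id   # the audience value this SP expects
        self.seen_ids = set()        # assertion IDs already consumed (replay check)
        self.sessions = {}           # subject -> session expiry

    def consume(self, token, now=None):
        now = time.time() if now is None else now
        try:
            body, sig = token.split(".")
        except ValueError:
            return None
        expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None  # tampered, or not issued by the trusted IdP
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["iss"] != IDP_ISSUER or claims["aud"] != self.entity_id:
            return None  # wrong issuer, or an assertion minted for another SP
        if not claims["iat"] <= now < claims["exp"]:
            return None  # outside the validity window
        if claims["jti"] in self.seen_ids:
            return None  # replayed assertion
        self.seen_ids.add(claims["jti"])
        self.sessions[claims["sub"]] = claims["exp"]
        return claims["sub"]
```

The same user is recognized by two service providers in different domains without registering with either, while an assertion addressed to one provider is rejected by the other.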


In conclusion, the information above should help you understand the real difference between these two closely related terms. Having read it, you should also be able to identify the similarities they share, especially in the technology they both use, and make a better-informed choice.

Source by Prince Kapoor