Single Sign-On (SSO)
One login, every tool. SSO means an employee authenticates once with their company's identity provider, and that single login unlocks every connected application — no separate password to remember for each one.
Definition
Single Sign-On (SSO) is an authentication method that allows a user to log into multiple separate applications using one set of credentials, managed centrally by a single identity provider, rather than maintaining a separate username and password for every individual tool they use. Once a user authenticates with the identity provider — typically their organisation's primary login system — they are automatically granted access to every connected application without logging in again for each one.
How SSO Works, Step by Step
- A user attempts to access an application — the service provider — such as a shared link management platform
- Instead of presenting its own password prompt, the application redirects the user to the organisation's identity provider (such as Okta, Microsoft Entra ID, or Google Workspace)
- The user authenticates with the identity provider — entering their single set of company credentials, often combined with multi-factor authentication
- The identity provider issues a secure, time-limited token confirming the user's verified identity
- The original application receives this token, trusts it, and grants the user access — without ever asking for a separate password of its own
This exchange is most commonly implemented using the SAML (Security Assertion Markup Language) or OpenID Connect (OIDC) protocols — the technical standards that define exactly how identity tokens are formatted, signed, and exchanged securely between the identity provider and each connected application.
SSO vs Separate Logins for Every Tool
| Without SSO | With SSO | |
|---|---|---|
| Logging in | A separate username and password for every tool | One login, automatically extended to every connected tool |
| Offboarding an employee | IT must locate and deactivate the account in every individual tool separately | Deactivating the one identity provider account revokes access to everything simultaneously |
| Password security | Risk of weak or reused passwords across many separate logins | Strong authentication policy (MFA, password rules) enforced consistently at one central point |
| User experience | Password fatigue, frequent "forgot password" friction | One set of credentials to remember and manage |
Why IT and Security Teams Require SSO
The single most significant operational reason organisations require SSO for the tools their employees use is centralised access revocation. The moment an employee leaves an organisation, disabling their one identity provider account immediately and simultaneously cuts off their access to every connected application — the shared link management platform, the CRM, the project management tool, the email system — all at once.
Without SSO, an IT team must separately track down and individually deactivate that departing employee's account in every single tool they had access to. This process is slow, frequently incomplete, and a recurring source of security exposure: forgotten accounts in lesser-used tools remain active long after someone has left, representing exactly the kind of unmonitored access that security audits and compliance reviews are specifically designed to catch.
SSO and Shared Link Management Platforms
For a team managing shared, branded short links, custom domains, and campaign infrastructure, SSO becomes particularly important once the team grows beyond a handful of people. A shared link platform with administrative access to a company's branded domain represents meaningful access that should be governed by the same centralised identity and offboarding controls as any other business-critical system — not managed through individually issued credentials that are easy to lose track of as a team scales.
For the current status of SSO support and which identity providers are compatible with Cuttly's Team plan, reviewing Cuttly's up-to-date documentation or contacting support directly is recommended, since enterprise authentication capabilities are an area of active product development.
Related Terms
FAQ
What is Single Sign-On (SSO)?
An authentication method letting a user log into multiple applications with one set of credentials, managed by a central identity provider, instead of a separate password for every tool.
How does SSO actually work?
A user authenticates once with the organisation's identity provider, which issues a secure token to the application requesting access — the application trusts the token and grants access without ever requesting its own separate password.
Why do organisations require SSO for the tools their employees use?
Centralised access revocation is the primary reason — deactivating one identity provider account immediately cuts access to every connected tool simultaneously, rather than requiring separate deactivation in each individual application.
Does Cuttly support SSO for team accounts?
Check Cuttly's current documentation or contact support for the latest status on SSO support and compatible identity providers, as enterprise authentication features are actively developed.
- ← Encyclopedia Index
- Teams & Collaboration
- Teams & Roles
- Team Workspaces
- Team Communicator
- Approvals & Governance
- Audit Log
- In Cuttly
- Plans & Pricing (Team)
- Support
URL Shortener
Cuttly simplifies link management by offering a user-friendly URL shortener that includes branded short links. Boost your brand’s growth with short, memorable, and engaging links, while seamlessly managing and tracking your links using Cuttly's versatile platform. Generate branded short links, create customizable QR codes, build link-in-bio pages, and run interactive surveys—all in one place.
Cuttly More Than Just a URL Shortener
Cuttly is a comprehensive, ever-evolving platform for link shortening that combines innovation and user-friendliness to deliver a seamless experience in managing and shortening URLs.
