SSO (Single Sign-On)

Single Sign-On (SSO) is an authentication mechanism that lets users access multiple applications or services using one set of login credentials. Instead of maintaining separate usernames and passwords for every platform, users authenticate once through a central identity provider — such as Google Workspace, Microsoft Entra ID, or Okta — and gain access to all connected tools. SSO protocols like SAML 2.0, [OAuth](/glossary/oauth) 2.0, and OpenID Connect handle the secure exchange of identity tokens between the identity provider and the service provider, eliminating the need for the service to store or manage passwords directly.

For organizations managing digital publications, SSO removes one of the biggest barriers to adoption: account creation friction. Team members avoid password fatigue, which leads to fewer weak or reused passwords. IT administrators benefit from centralized access control, making it straightforward to onboard new employees, shift team roles, or revoke access instantly when someone leaves the organization. SSO also simplifies compliance audits because access logs are consolidated in one identity provider rather than scattered across dozens of separate platforms.

FlipLink supports Google and Microsoft account sign-in, allowing users to log into the platform without creating a separate password. This simplifies onboarding for teams that already use Google Workspace or Microsoft 365. Combined with FlipLink's [team collaboration](/features/team-collaboration) features, SSO makes it easy for administrators to add team members who can start managing publications immediately. Account security is further strengthened because authentication is handled by trusted identity providers with their own [data encryption](/glossary/data-encryption) and [multi-factor authentication](/glossary/mfa) infrastructure. When a team member's access is removed from the identity provider, their FlipLink session is also invalidated.

| Aspect | SSO | Traditional Login | |---|---|---| | **Credentials** | One set for all connected apps | Separate username and password per app | | **Password management** | Handled by identity provider | User manages each password individually | | **Onboarding speed** | Instant — existing credentials work | Manual account creation per platform | | **Offboarding** | Disable one account, all access revoked | Must remember to revoke each app individually | | **Security surface** | Single, hardened auth endpoint | Multiple password databases to protect | | **User friction** | Low — one login session | High — repeated logins across tools | Traditional login still has a place for solo users or small teams that don't use an identity provider, but for organizations with more than a handful of members, SSO is the more secure and efficient approach.

SSO centralizes authentication, which makes the identity provider a critical piece of infrastructure. If the identity provider goes down, access to all connected services is blocked. Organizations should ensure their provider offers high availability and configure fallback authentication where possible. Enabling [MFA](/glossary/mfa) at the identity provider level adds a strong second layer of protection — even if credentials are compromised, the attacker still needs the second factor. Session timeouts and token expiry policies should be configured to balance convenience with security: short-lived tokens reduce the window of exposure if a session is hijacked.

1. **Choose an identity provider** — Google Workspace, Microsoft Entra ID, and Okta are the most common options 2. **Enable SSO in FlipLink** — sign in with your Google or Microsoft account from the login screen 3. **Invite team members** — use [team collaboration](/features/team-collaboration) to add members who will authenticate through the same provider 4. **Enable MFA on the identity provider** — this protects all connected apps, including FlipLink 5. **Set session policies** — configure timeout and re-authentication intervals that match your security requirements 6. **Test the offboarding flow** — remove a test user from the identity provider and confirm they can no longer access FlipLink 7. **Document the setup** — record which provider is in use, who the admin contacts are, and the process for granting or revoking access

SSO turns authentication from a per-app problem into a centralized, manageable process. For teams publishing digital content through FlipLink, it means faster onboarding, fewer password-related support requests, and a single point of control for security and access management.