Konubinix' opinionated web of thoughts

Using Google as Identity Provider Is Not Doing SSO


Using an Identity Provider is not the same as doing SSO.

Indeed, signing in requires two steps: identifying the user and granting access to the system. Here, the Identity Provider fulfils only the former and leaves the granting decision to the authorization server that calls it.

In other terms, an Identity Provider is a substitute for the user/password part of signing in, but not for the policy management part.

Notes linking here