Single Sign-On (SSO) Authentication Solutions

Provide exceptional login experiences and no-compromise security with superior single sign-on solutions for your customers, applications, services, and workforce.

What Is Single Sign-On (SSO)?

Single sign-on, commonly referred to as SSO, is the foundation of access management that eliminates the need for multiple passwords, user profiles, and the added complexity that frustrates users and slows multi-application adoption. When combined with SAML-based federated identity, ForgeRock can be leveraged to provide a wide range of flexible SSO options to manage authenticated user access to both local applications and cloud-based providers, such as Salesforce or Google.

Today’s digital economy has changed how you interact with your workforce, consumers, and technologies. You need to provide seamless, secure account access from anywhere, anytime, making SSO a fundamental requirement and expectation for conducting digital commerce.

Partnering with ForgeRock, you can support exceptional login experiences with single sign-on (SSO) to your applications and services for any identity type. Whether you manage multiple brands under different domains, sub-domains, and applications, or your users need access to and from a variety of devices, ForgeRock's SSO solution provides seamless user experiences with the highest level of security.


Leverage Comprehensive Single Sign-On Powered by Access Management

Providing a unified and fluid SSO experience is important in today’s omnichannel world. Powered by ForgeRock Access Management, you can provide the same SSO authentication experience for all your mobile applications, single-page applications, APIs, and services.

ForgeRock SSO enables you to: 

  • Sign users in once and allow them access to all authorized systems, regardless of which application they logged into first.

  • Provide a variety of flexible options for SSO, from cross-domain SSO for a single organization to an SSO solution across multiple organizations.

  • Support multiple options for policy enforcement and protecting resources, including policy agents that reside on application or web servers.

  • Use the built-in security token service (STS) as a multi-protocol hub, translating for providers who rely on other or older standards.

  • Secure legacy applications with the latest strong authentication technologies, without changing a line of code.



Customer Story: Macy’s Develops a Frictionless Password Management Workforce Experience

Watch this session from Identity Live in Austin, Texas, and learn how Macy’s Inc. engaged Deloitte to deploy a digital password reset portal for its corporate and store employees, contractors, and partners using ForgeRock technology. Macy’s also shares how it used NIST Digital Authentication guidelines as a template for developing a password reset capability to create a frictionless single sign-on user experience.


Grow Your Business With Federated SSO and Open Standards

Federated single sign-on (SSO) gives you the ability to grow your business and competitive advantage by ensuring frictionless, secure account access to users outside your organization, including citizens, customers, and partners. 

Federated SSO relies on open standards, such as OAuth, WS-Federation, WS-Trust, OpenID Connect, and SAML, to pass authentication tokens between your identity providers. The ForgeRock Identity Platform comprises a multitude of standards-based components and is built on a common framework using best-in-class open technologies. 

ForgeRock is involved in standards development and adopts the latest standards as they are released, allowing you to meet current demands ahead of the competition.


Modernize Legacy IAM and SSO With Ease

The identity and access management (IAM) landscape has drastically changed in recent years. However, most organizations have large investments in legacy IAM and SSO systems. These systems have not kept pace with the changes and lack the flexibility to scale beyond traditional employee use-case scenarios. 

As more people, devices, and things are assigned identities across networks, you need modern IAM services that are simple, flexible, and scalable, and designed to quickly verify identities and access privileges. 

ForgeRock provides such an approach to IAM and SSO, enabling you to coexist, consolidate, or retire your disparate, legacy identity management systems, such as CA Single Sign-On (SiteMinder), Oracle, IBM, or homegrown solutions.



Migration Guide

Let Go of Legacy Solutions

Migrate from CA Single Sign-On (SiteMinder SSO) to ForgeRock Identity Platform.

Customer Story

Integrating Federated SSO With Legacy Architecture

PLUS Retail uses the ForgeRock Identity Platform to deliver a better customer experience and drive revenue.

Intelligent Access

Simple and Secure Authentication

Easily configure, measure, and adjust login journeys using digital signals including device, contextual, behavioral, user choice, and risk-based factors. 


ForgeRock Workforce SSO

ForgeRock Access Management provides multiple mechanisms for workforce single sign-on (SSO), whether the requirement is to enable SSO in a single domain, enable cross-domain SSO for a single organization, or enable SSO across multiple organizations through the Federation Service. Access Management supports multiple options for enforcing policy and protecting resources, including policy agents that reside on web or application servers.


ForgeRock Employee to Cloud Single Sign On

To enable employees to access external cloud apps such as Salesforce or Google, SAML-based federation can be used to provide a range of flexible single sign-on options to many cloud-based providers. ForgeRock Access Management can act as either an identity provider or a service provider, with simple wizards to set up out-of-the-box features in minutes. More complex and custom configurations are easily catered for, with plug-in extension points available at numerous parts of the cloud SSO lifecycle.


ForgeRock Consumer SSO

For consumer SSO, many mobile and single-page application integrations are based on OAuth2 and OIDC. ForgeRock provides a range of out-of-the-box default configuration options for enabling OAuth2 in modern web and native applications, such as SDKs and helper libraries. ForgeRock Access Management supports a range of powerful OAuth2 features, such as Dynamic Client Registration and Management, Proof Key for Code Exchange, and Customizable Access Tokens, all of which aid modern API-based integration. Sample integrations for things like single-page apps are available via the appauthhelper library.


Next Generation Policy Agents

Resources are protected through the use of policy agents. A number of agents are available for common resources, including web servers and J2EE applications. These agents interface with ForgeRock Access Management to request authorization decisions, allowing or denying access to underlying resources as directed.


ForgeRock Identity Gateway for Single Sign On

ForgeRock Identity Gateway is a reverse proxy that can be configured to protect any web application running on any other technology. It can also protect APIs that may need to be exposed to customers and partners. Because it intercepts requests before they reach the protected application, the gateway integration is agentless, with few or no changes required on the protected app. Identity Gateway verifies the authenticating user, determines the requirements of the destination, and provides the required information, e.g. HTTP headers, cookie, form fill, JWT, certificate, etc.


Blog Posts


IAM 101: Single Sign On (SSO)

The what, why, and how for those new to SSO, identity and IAM.


IAM 101: Federation and Federated SSO

What It Is, Why It’s Important, and How It Enables Our Online Lives.


The Science and Art of Designing the Login Journey

Why the user login journey matters.