A practical look at identity, sessions, OAuth 2.0, OpenID Connect, and tenant isolation.
Single Sign-On is often summarized as "log in once and access many applications." That is correct, but incomplete. A real SSO system must also answer several security questions:
Which application is requesting access?
Which organization owns that application?
Is the user allowed to use it?






