NIST 800-53 REV 5 • IDENTIFICATION AND AUTHENTICATION
IA-2(10) — Single Sign-on
Provide a single sign-on capability for [Assignment: organization-defined system accounts and services].
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Single sign-on enables users to log in once and gain access to multiple system resources. Organizations consider the operational efficiencies provided by single sign-on capabilities with the risk introduced by allowing access to multiple systems via a single authentication event. Single sign-on can present opportunities to improve system security, for example by providing the ability to add multi-factor authentication for applications and systems (existing and new) that may not be able to natively support multi-factor authentication.
Practitioner Notes
Single sign-on (SSO) allows users to authenticate once and access multiple systems without re-entering credentials — improving both security and user experience.
Example 1: Implement Azure AD SSO so employees log in once to their computer and get seamless access to Microsoft 365, Salesforce, ServiceNow, and other SAML/OIDC-integrated apps.
Example 2: Configure Okta or Ping Identity as your SSO provider, connecting all your web applications through federated authentication to reduce password fatigue.