This documentation is for WSO2 API Manager 2.5.0.

Single Sign-On (SSO) allows users who are authenticated against one application to gain access to multiple other related applications without having to repeatedly authenticate themselves. Users provide their credentials once and are not prompted for them again when accessing each application until their session is terminated, so they do not have to log into each application individually. For example, if users log into application A, they automatically have access to application B as well for the duration of that session without having to re-enter their credentials. SSO also allows the web applications to gain access to a set of back-end services with the logged-in user's access rights, and the back-end services can authorize the user based on different claims, such as the user role. In WSO2 API Manager, you can enable SSO by using either SAML2 or OAuth2 OpenID Connect (OIDC).


A claim is a piece of information about a particular subject. It is an attribute of the user that is mapped to the underlying user store. A claim can be anything that the subject owns or is associated with, such as name, group, preferences, etc. A claim provides a single and general notion to define the identity information related to the subject. A set of claims is called a dialect (e.g., ).

The following sections explain more details on how you can use SSO in WSO2 API Manager.