Single Sign-On (SSO) allows users, who are authenticated against one application, to gain access to multiple other related applications without having to repeatedly authenticate themselves. It also allows the web applications to gain access to a set of back-end services with the logged-in user's access rights, and the back-end services can authorize the user based on different claims like the user role. An Identity Provider (IDP) is responsible for issuing identification information and authenticating users by using security tokens. WSO2 API Cloud uses WSO2 Identity Server as the default Identity provider (IDP). An organization can have it’s own IDP that provides authentication for internal users. In such scenarios, the organization can link their IDP to WSO2 Identity Cloud to provide SSO based authentication for API Cloud apps.