Is SSO the Same as SAML?
Security Boulevard, Wednesday, February 11th, 2026
Ever had a meeting where someone used "SSO" and "SAML" like they're the same thing? It happens all the time, even among senior devs, but it's technically a bit off.
Think of it like this: sso is the destination (the user experience of only logging in once), while saml is one of the engines (the actual protocol) that gets you there. You can have sso without saml-using OIDC (which is a modern JSON/REST-based alternative to the bulky XML stuff) or even older header-based auth-but in the enterprise world, they're usually joined at the hip.