Identity Infrastructure
One login.
Every product.
SSO.so is a self-hosted identity layer built on Keycloak. Secure every app you build with a single, unified authentication gateway.
# Add SSO to your app in minutes
curl https://sso.sso.so/realms/myproducts/.well-known/openid-configuration
{
"issuer": "https://sso.sso.so/realms/myproducts",
"authorization_endpoint": "https://sso.sso.so/realms/myproducts/protocol/openid-connect/auth",
"token_endpoint": "https://sso.sso.so/realms/myproducts/protocol/openid-connect/token",
"grant_types_supported": ["authorization_code", "refresh_token"]
}
echo "Ready"
100%
Self-hosted
0ms
Vendor lock-in
∞
Users & clients
// how it works
One gateway.
All your apps.
Your users authenticate once against SSO.so. Every app you build gets a verified identity token — no passwords, no sessions to manage.
User
Browser
── login ──▶
Identity
SSO.so
── token ──▶
Your
App A
+
Your
App B
+
Your
App N
// capabilities
Everything identity.
Nothing extra.
Built on Keycloak — the proven open-source IAM platform trusted by enterprises worldwide.
Single Sign-On
Authenticate once, access everything. Session management across all your products with a single identity token.
MFA & Passkeys
TOTP, WebAuthn, and hardware key support out of the box. Enforce strong authentication at the realm level.
User Federation
Connect LDAP or Active Directory. Sync users from any existing directory without migrating data.
Social Login
Google, GitHub, Microsoft, and more. Let users log in with what they already have.
Fine-grained AuthZ
Role-based and attribute-based access control. Define exactly who can access what, down to the resource level.
100% Self-hosted
Your infrastructure. Your data. No SaaS vendor touching your users' credentials or session data.
OpenID Connect
OAuth 2.0
SAML 2.0
PKCE
JWKS
Device Flow
Token Exchange
UMA 2.0
// get started
Ready to integrate?
Read the integration docs, grab your realm credentials, and have your first app authenticating in under 10 minutes.