# Single Sign-on Overview

Single sign-on (SSO) is defined as login once, logged in all apps. If you have multiple mobile apps or websites that wants to streamline the user experiences. You can configure your apps to turn on the SSO feature, so the end-users only have to enter their authentication credentials once.

There are multiple ways to achieve Single Sign-on, with various pros-and-cons:

|                                                 | Related Feature                                                                                                                           | Technical Remarks                                                                                             |
| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- |
| SSO between Websites with the same apex domain  | [Cookie-based Deployment](/get-started/backend-api.md#forward-cookie-in-http-header)                                                      | Requires all of the websites with the same "root domain" (e.g. app1.**example.com** and app2.**example.com**) |
| SSO between Mobile Apps and Browsers            | [SSO between Mobile App / Websites](/authentication-and-access/single-sign-on/sso-with-mobile-app-web-spa.md)                             | Requires the use of `ASWebAuthentication` and `Custom Tab` on iOS/Android respectively                        |
| SSO between two independent mobile apps         | [App2App Login](/authentication-and-access/single-sign-on/app2app-authorization.md)                                                       | Based on OIDC App2App                                                                                         |
| SSO from a Mobile App to Website                | [Pre-Authenticated URLs](/authentication-and-access/single-sign-on/pre-authenticated-urls.md)                                             | Open a URL from Mobile App and pass the user session along, based on OIDC Token Exchange                      |
| SSO between Mobile Apps from the same publisher | <p>Keychain Sharing / Android Account Manager<br><br>(<a href="https://www.authgear.com/schedule-demo">Contact us</a> if you need it)</p> | Requires both apps published by the same publisher from App Store.                                            |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.authgear.com/authentication-and-access/single-sign-on.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.