How is Single Sign-On (SSO) related to external authentication? - How is Single Sign-On (SSO) related to external authentication? - Alfresco - Alfresco Content Services - Alfresco/Alfresco-Content-Services/23.4/Alfresco-Content-Services/Administer/Manage-Security/Authentication-and-sync/Configure-authentication-subsystems/Configure-external-authentication/External-authentication-and-SSO/How-is-Single-Sign-On-SSO-related-to-external-authentication - 23.4

How is Single Sign-On (SSO) related to external authentication? - How is Single Sign-On (SSO) related to external authentication? - Alfresco - Alfresco Content Services - Alfresco/Alfresco-Content-Services/23.4/Alfresco-Content-Services/Administer/Manage-Security/Authentication-and-sync/Configure-authentication-subsystems/Configure-external-authentication/External-authentication-and-SSO/How-is-Single-Sign-On-SSO-related-to-external-authentication - 23.4 - 23.4

Alfresco Content Services

Platform

Alfresco

Product

Alfresco Content Services

Release

23.4

License

ft:lastPublication

2026-04-22T22:35:19.567073

ft:locale

en-US

SSO is a property of an authentication scheme. You can use more than one method to set up SSO. For example:

If you’re using Kerberos, you can use either the kerberos authentication subsystem, or the external authentication subsystem with a proxy that handles Kerberos authentication.
If you’re using CAS, you must use the external authentication subsystem with a proxy that handles CAS authentication.

In summary, external authentication and SSO are not interdependent: you can set up external authentication that is not SSO (for example, using an Apache proxy with a mod_auth_basic setting), and you can set up an SSO system that is not using the external authentication subsystem (for example, using the kerberos authentication subsystem).

See Authentication subsystem types for a listing of the authentication subsystems and the features that they support.