By NHI Mgmt Group Editorial TeamPublished 2026-01-29Domain: Governance & RiskSource: Curity

TL;DR: Single sign-on is framed as an authentication layer that spans web, mobile, admin, and AI agent use cases, with OpenID Connect used to preserve identity across systems and sessions, according to Curity. The governance issue is that SSO makes access easier to extend, so IAM teams must separate user convenience from lifecycle control and privilege scope.


At a glance

What this is: This is a Curity roundup on single sign-on patterns, especially how SSO works across web, mobile, admin, and AI agent use cases with OpenID Connect.

Why it matters: It matters because SSO decisions shape session control, trust boundaries, and lifecycle governance across human users, workloads, and emerging agentic identities.

👉 Read Curity’s SSO guidance for web, mobile, and AI agent use cases


Context

Single sign-on is often treated as a user-experience topic, but the real governance question is how identity persists once authentication succeeds. In practice, SSO shifts the control point from repeated login prompts to the rules that govern session duration, authentication strength, and downstream access across systems.

Curity’s article collection is broad enough to cover human web access, mobile clients, administrative use cases, and AI agents using OpenID Connect. That makes the underlying issue an identity architecture question, not just an authentication pattern: who or what receives the session, how long it lives, and what authority is inherited after the initial sign-in.


Key questions

Q: How should security teams govern single sign-on for AI agents?

A: Security teams should govern AI agent SSO as workload identity, not as human authentication with a different front end. That means tying the agent to scoped claims, short-lived sessions, explicit tool audiences, and lifecycle offboarding. OpenID Connect can carry the identity, but governance must define what the agent may access and when access ends.

Q: Why does SSO create governance risk if the session is too broad?

A: A broad SSO session can propagate access across many systems after the original authentication event, so revocation becomes harder and the blast radius grows. If one central session unlocks too many downstream applications, identity assurance and authorisation drift apart. Teams should align session scope with business function and sensitivity.

Q: What do IAM teams get wrong about SSO and application sessions?

A: IAM teams often assume that signing out of one app ends the identity relationship everywhere, but an SSO session may still be valid elsewhere. That creates inconsistent logout and inconsistent step-up behaviour. The fix is to design central and local session policies separately and test revocation end to end.

Q: How can organisations decide whether an SSO design is suitable for AI agents?

A: An SSO design is suitable for AI agents only if the identity can be constrained like any other workload, with bounded audience, short-lived credentials, and clear offboarding. If the design depends on human assumptions such as interactive login, it is a poor fit. The safest models treat the agent as a managed non-human identity.


Technical breakdown

How single sign-on preserves identity across systems

Single sign-on lets one successful authentication event be reused across multiple applications, usually by issuing a token or session that other systems trust. The key architectural distinction is that the identity is not re-entered at every target system, but carried forward through a shared trust relationship. OpenID Connect is commonly used because it provides a standard identity layer on top of OAuth 2.0, which helps applications validate who authenticated and under what conditions. That convenience also concentrates risk if the session, token, or browser context is compromised.

Practical implication: teams should treat the original authentication event as the first control point, not the last.

SSO sessions are not the same as application sessions

An SSO session is the central identity session that can enable access across multiple services, while an application session belongs to one specific app. They can have different lifetimes, different renewal rules, and different revocation behaviour. This distinction matters because users may appear signed out of one app while still holding a valid central identity session elsewhere. For practitioners, session design is where authentication policy becomes operational governance, especially when session duration, re-authentication, and step-up rules must differ by sensitivity level.

Practical implication: separate SSO session policy from app session policy so revocation and step-up decisions are predictable.

Why AI agents need a different SSO model

AI agent SSO changes the problem because the authenticated subject is not a person, yet it still needs a bounded identity, a trust chain, and auditable access to tools and APIs. If the agent can act independently, the question is no longer only whether a human authenticated, but whether the agent’s runtime identity is governed across tools, scopes, and session boundaries. OpenID Connect can provide the federation layer, but it does not by itself define least privilege, lifecycle offboarding, or safe delegation for autonomous execution.

Practical implication: align agent sign-in with workload identity controls, not human login assumptions.


NHI Mgmt Group analysis

SSO is becoming an identity distribution layer, not just a login convenience. Once authentication is centralised, the real control question becomes how far the resulting identity can travel across applications, APIs, and agents. That changes SSO from a UX feature into a governance mechanism that influences blast radius, session persistence, and revocation reach. Practitioners should treat it as an access propagation problem.

SSO for AI agents exposes the assumption that only humans need federated sign-in. That assumption breaks when non-human actors must obtain identity, present claims, and inherit access in a standard way across systems. Curity’s framing shows that the same federation patterns now apply to software actors as well as people, which means lifecycle, scope, and trust boundaries need to be evaluated by actor type. Practitioners should stop treating federation as human-only.

Session lifetime is the hidden policy layer in many SSO designs. Authentication may look complete at login time, but the operational risk sits in how long the session remains usable, how renewal works, and when step-up is triggered. That makes session policy a governance decision, not merely a technical setting. Practitioners should review session duration as part of access design, not as a UX preference.

OpenID Connect standardises trust, but it does not solve entitlement governance. A federated identity token can prove authentication, yet it does not tell you whether the subject should keep access after context changes, role changes, or workload changes. This is where IAM, lifecycle, and PAM governance must stay separate from the protocol layer. Practitioners should not confuse federation with authorisation control.

Named concept: identity propagation gap. SSO can carry identity cleanly from one system to another while leaving lifecycle rules, revocation timing, and privilege boundaries inconsistent across the target applications. That gap is where governance failures hide, because authentication succeeds while control drift accumulates. Practitioners should map where identity is reused faster than it is governed.

From our research:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to Ultimate Guide to NHIs.
  • Only 5.7% of organisations have full visibility into their service accounts, which means many federated access paths are still being governed blind.
  • Read the Top 10 NHI Issues for a broader view of sprawl, visibility, and over-privilege across machine identities.

What this signals

Identity propagation gap: teams will keep seeing SSO as a login pattern until they map where one session quietly expands across apps, APIs, and agents. That mapping belongs in access governance, not only in architecture diagrams.

The practical shift is to treat federation, session duration, and offboarding as one control plane across humans and non-human actors. Curity’s topic mix reinforces that the same identity fabric now needs actor-specific policy rather than one universal SSO default.


For practitioners

  • Separate SSO session policy from application session policy Define when the central identity session should outlive, match, or terminate an application session, and make re-authentication depend on sensitivity rather than convenience. Use different controls for web, mobile, admin, and agent use cases.
  • Apply actor-type governance to federated identities Classify each SSO subject as human, workload, or agent before choosing claims, token lifetime, and offboarding rules. Do not reuse a human SSO pattern for an AI agent just because both rely on OpenID Connect.
  • Review token renewal and revocation paths Test what happens when access should end but the identity session is still valid, including browser sessions, refresh tokens, and downstream app caches. Rehearse revocation across every relying party that consumes the same identity.
  • Bind AI agent access to explicit workload controls Give agent identities scoped access through workload identity patterns and limit tool reach by session, context, and audience. Treat autonomous runtime access as something that must be bounded at issuance, not trusted after sign-in.

Key takeaways

  • SSO centralises authentication, but the governance risk lives in how far the resulting identity can propagate.
  • AI agent SSO cannot rely on human login assumptions because the subject is a managed runtime identity, not a person.
  • Teams should separate central session policy, application session policy, and offboarding so revocation works across every relying party.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST SP 800-63 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
NIST SP 800-63SSO depends on digital identity assurance and federation behaviour.
NIST Zero Trust (SP 800-207)PR.AC-7Continuous verification is relevant where SSO sessions persist across systems.
OWASP Non-Human Identity Top 10NHI-02AI agent and workload SSO creates non-human identity governance requirements.

Apply identity assurance and federation controls to match session strength with the access being granted.


Key terms

  • Single Sign-On Session: The central identity session that lets a subject access multiple systems after one authentication event. It is not the same as an individual application session, and it can create broader revocation and renewal risk if its lifetime exceeds the controls applied by downstream services.
  • OpenID Connect: An identity layer built on OAuth 2.0 that lets applications verify who authenticated and receive identity claims in a standard format. In SSO designs, it is often the protocol that carries trust across systems, but it does not decide entitlement scope or lifecycle policy.
  • Federated Identity: An identity that is trusted across more than one system or domain through a shared authentication relationship. Federation reduces repeated logins, but it also makes session scope, token lifetime, and revocation consistency essential to governance.

What's in the full article

Curity's full article collection covers the operational detail this post intentionally leaves for the source:

  • Implementation examples for SSO on web, mobile, and administrative clients using OpenID Connect
  • Guidance on session prompting and authentication-method-specific SSO behaviour
  • Practical distinctions between SSO sessions and application sessions
  • Options for securing AI agents with a Single Sign-On Service

👉 Curity’s full article set covers implementation examples, session handling, and OpenID Connect usage in more detail.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity security programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-01-29.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org