Single sign-on (SSO) is the authentication pattern where one set of credentials gives a user access to multiple systems without re-authenticating at each one. In an e-learning context SSO is essential for adoption: if a learner must create and remember a separate account for the LMS, the video platform, the proctoring tool, and the badge issuer, friction accumulates and completion rates fall. LTI provides a form of SSO for tool launches — the learner's identity flows from the LMS to the tool as part of the signed launch message, so the tool can create or match a user account without showing a login screen. For enterprise deployments the LMS itself is typically connected to the corporate identity provider via SAML 2.0 or OpenID Connect (OIDC), meaning employees use their existing corporate credentials. OAuth 2.0 is used for service-to-service authentication (as in AGS and NRPS calls) rather than for learner-facing SSO. A common gotcha is account matching when a learner first arrives at a tool via LTI: the tool must decide whether to match by email, by LMS user ID, or by a platform-specific subject identifier, and each choice has implications for privacy (email is PII) and for handling learners who have pre-existing accounts in the tool. SSO failure is one of the most disruptive end-user experiences in an e-learning product, so identity flows deserve careful integration testing across every supported LMS and browser.
