---
title: "Single Sign On (SSO) using Active Directory Identities"
description: "UserLock enables single sign on using Active Directory identities. Combine with MFA for secure, seamless access across network and SaaS resources."
locale: "en"
updated_at: "2025-11-24T10:08:15.858Z"
canonical: "https://www.isdecisions.com/en/userlock/features/single-sign-on-sso-active-directory"
---

# Single sign on (SSO) using Active Directory identities

Secure access to Microsoft 365 and SaaS apps with single sign on (SSO) using your existing Active Directory identities. UserLock combines single sign on with multi-factor authentication (MFA) for secure, one-step access to both network and cloud resources.

## One Active Directory identity for all access

UserLock's single sign-on (SSO) lets users log in once, optionally with [MFA for SaaS](/userlock/features/mfa-for-saas), using their existing on-prem Active Directory credentials to access Microsoft 365 and other cloud resources, no matter where they work.

### Reduce complexity

Continue to use on-premises Active Directory as the single identity provider.

- No need to create a new directory for user IDs
- Effortlessly scale SSO across all Active Directory users
- Streamline access to all cloud resources for improved user productivity

### Enhance security

Stop password sprawl across many different SaaS applications.

- Easily combine with MFA and session management
- Leverage existing investment in Active Directory security
- Keep authentication on-premises, even for remote user access

## Secure federated authentication for Microsoft 365 & cloud applications

UserLock SSO supports SAML 2.0 protocol to enable federated authentication of Microsoft 365 and other software as a service (SaaS) apps hosted in the cloud. Users get secure and easy access to cloud resources with existing Active Directory credentials.

### Easy to install

Easily configure each cloud app directly from the UserLock  console. An app that is currently not supported can still be  protected with a customized configuration.

### Non-disruptive

Implement SSO quickly with no change or provisioning needed  for existing access to locally-hosted resources and applications.

### SSO safeguards for peace of mind

Rest easy knowing that UserLock SSO allows automatic  SSO certificate rollover protection and SSO disaster  recovery to limit possible interruptions.

### Combine SSO with contextual MFA & access controls

Optimize security by combining SSO with MFA. With UserLock, granular MFA and contextual security at login provide strong authentication without slowing down employees.

- Customize MFA conditions to **ensure less friction for users**
- Choose between **authenticator apps and tokens** like YubiKey and Token2
- Use the **context of users’ authentication attempts** to further secure all user access

## Track and report on all cloud sessions

One central dashboard shows the real-time status of SSO connections at a glance. This includes information about logons and denied logons, as well as:

- Username
- Application name
- Session event type
- Source IP address

## Keep single sign on simple using Active Directory

Secure access to SaaS resources without replacing your on-prem identity infrastructure. UserLock SSO extends Active Directory authentication to SaaS access. By combining SSO and MFA, IT can enforce access policies, monitor, and report on access across your hybrid AD environment.
