Est. 2026 · Independent
CRM Newspaper Clear answers about CRM software.

Security · Basics · Explainers

What is single sign-on (SSO) in a CRM, and why does it matter?

By CRM Newspaper Editorial Published

The short answer

Single sign-on lets users log into a CRM using credentials from a central identity provider, like Google or Microsoft, instead of a separate CRM password. It matters because it centralises access control — when someone leaves the company, revoking one login removes their access everywhere, including the CRM.

Every extra password a company manages is an extra way for access to go wrong — a former employee’s login never revoked, a shared password nobody remembers to rotate, a weak password reused from somewhere else. Single sign-on exists to collapse that sprawl into one identity, one place to grant access, and one place to take it away.

What is single sign-on?

Single sign-on (SSO) lets a user log into multiple applications, including a CRM, using one set of credentials managed by a central identity provider — commonly Google Workspace, Microsoft Entra ID, or a dedicated provider like Okta. Instead of a separate CRM username and password, the CRM redirects the login to the identity provider, checks the response, and signs the user in if the identity provider confirms who they are.

The user experience is simpler — one login for everything — but the real value is administrative, not convenience.

Why does it matter more than it sounds like it should?

The benefit shows up most clearly at the moment someone leaves the company:

Without SSOWith SSO
Admin must remember to deactivate the CRM account separatelyDeactivating the central identity revokes CRM access automatically
Password strength varies per person, per toolPassword policy is enforced once, centrally
No single view of who has access to whatIdentity provider shows every connected app per user
Multi-factor authentication configured per toolMFA enforced once, applies everywhere

This is the access-control equivalent of what role-based access control does for permissions inside the CRM — SSO controls whether someone can get in at all; RBAC controls what they can do once they are in. Together they answer both halves of “who can touch this data.”

Does a small team actually need it?

Not always immediately, but the threshold is lower than most teams assume:

  • Any team storing sensitive customer data benefits from SSO regardless of size — it is one of the cheapest controls available, and it directly supports the case that your CRM data is safe.
  • Teams with regular staff turnover get the most concrete benefit, since offboarding is where manual access control fails most often.
  • Very small, stable teams with few tools and careful offboarding habits can reasonably delay it, though the cost of adding it later is low enough that waiting rarely saves much.

Most CRMs gate SSO behind a higher-tier plan, so the practical decision is often about cost as much as need — weigh it against the real risk of a missed offboarding step, which tends to be higher than it feels in the moment.

What should you do next?

If your CRM plan includes SSO, turn it on — the setup is usually a one-time integration with your identity provider, and it removes an entire category of access risk with no ongoing effort. If your current plan does not include it, treat it as a factor the next time you evaluate CRM costs, alongside the other security and access controls a growing team needs.

Keep reading

Basics · Explainers

What is contact segmentation in CRM?

What is contact segmentation in CRM? How it works, which attributes to segment on, and how segmentation connects to automation and reporting.