OWASP Single Sign-On

OWASP Incubator GitHub release GitHub stars

OWASP SSO is a javascript application that allows a secure-by-default self-hosted SSO experience, including phishing-proof two-factor authentication, using state-of-the-art security mechanisms.


Companies are struggling to properly secure access to their infrastructure, as many teams and projects need to re-implement authentication. A change in security policy (eg mandatory two-factor authentication) has difficulties propagating throughout the whole business, and the security team has issues bringing many proprietary login systems together for monitoring and reaction.

The solution - of course - is SSO. However this field is heavily dominated by a few global players. A company looking to implement SSO often needs to have the access to all of its company data and its employee data usually managed by one of those large vendors. This creates privacy and compatibility issues.

OWASP SSO is a solution that can be easily deployed and enforces a secure SSO experience with full control over the data. It can authenticate users for different applications using phishing-proof state-of-the-art MFA (FIDO2, client certificates that can integrate with the existing certificate infrastructure of a company, and anti-phishing email confirmation) across all devices, allows to centrally log user changes and send them to the SOC team to immediately detect and remediate any attacks, allows applications to easily embed secure authentication at different stages (eg an application can do login internally and only send users to the SSO for MFA).

By providing companies the possibility to run their own SSO with the highest standards of security and saving a lot of money on development costs of each project, OWASP SSO plans to become the primary choice for enterprises with increased security or privacy requirements.


GitHub contributors

OWASP SSO has been created by @JamesCullum and is developed, maintained and translated by a team of volunteers.



This program is free software: You can redistribute it and/or modify it under the terms of the GPL License.

Main Selling Points

  • Free and Open source: Licensed under the GPL license with no hidden costs or caveats
  • Easy-to-install: Choose between node.js or Docker to run on Windows/Mac/Linux
  • Self-contained: Additional dependencies are easily resolved and downloaded automatically
  • Safe defaults: Run it straight out of the box and have the safest settings chosen by default
  • Open standards: Uses up-to-date technologies without vendor lock-in or hidden tricks
  • Re-branding: Fully customizable in business context and look & feel to your own corporate or customer requirements
  • Proven security, full privacy: No need to trust other companies to protect your data, users and services - all data only belongs to you!
  • SOC/SIEM Support: Easily plug & play it with your SIEM to let your security team have a central overview over all logins

Project Supporters

You can attribute your donation to the OWASP SSO project by using this link or the green “Donate”-button while on any tab of the OWASP SSO project page!

Code contributions count as sponsorship - see details.

Top Supporters

Panasonic Information Systems Company Europe

All Corporate Supporters

All Individual Supporters

The OWASP Foundation is very grateful for the support by the individuals and organizations listed. However please note, the OWASP Foundation is strictly vendor neutral and does not endorse any of its supporters.