This document discusses single sign-on (SSO) and why it is better than traditional LDAP authentication. It describes various SSO protocols like SAML, OAuth, and Kerberos. While LDAP is sometimes used for SSO, it has security risks since each application handles credentials separately. The document recommends using a true SSO solution instead, which avoids firewall openings, provides a consistent login experience across applications, and delegates security responsibilities. It then describes how the author set up Icingaweb2 to use Active Directory Federation Services for SSO and group mapping through an open-source project. A demo of the SSO process is provided.