Single Sign On (SSO) uses a role-based security model where each employee is given one or more of the roles below and each role has unique access rights depending upon the context of the role.
Each employee has the Employee role for logging into applications they may use as part of their employment such as Workday, TrainTraq, Canopy, Maestro, Concur, Time & Effort, and others. Some employees may also have Department or Central Administrator roles to administer the SSO security and application access for their department or system member.