US Patent 11411944 Session synchronization across multiple devices in an identity cloud service

Embodiments provide session synchronization across multiple devices. Embodiments receive, at a single sign-in (“SSO”) service, user credentials from a user in response to the user signing into the first device. In response to receiving the user credentials, embodiments create a primary SSO session by the SSO service. In response to an attempt by the second device to create another SSO session, subsequent to the creating of the primary SSO session, embodiments create an alias SSO session linked to the primary SSO and set an encrypted session cookie containing the alias SSO session and returning an authorization code including the alias SSO session to the second device. Embodiments verify the second token using a second public key of the second device and send user information of the user to the second device, where the second device uses the user information to automatically sign the user into the second device.