---
title: Single logout
description: The single logout (SLO) profile enables users to sign off of all participating sites in a federated session from any site.
component: pingfederate
version: 13.1
page_id: pingfederate:introduction_to_pingfederate:pf_single_logout
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/introduction_to_pingfederate/pf_single_logout.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: August 7, 2025
section_ids:
  about-session-cleanup: About session cleanup
---

# Single logout

The single logout (SLO) *(tooltip: \<div class="paragraph">
\<p>The process of signing a user out of multiple sites where the user has started a SSO session.\</p>
\</div>)* profile enables users to sign off of all participating sites in a federated session from any site.

The associated identity provider (IdP) *(tooltip: \<div class="paragraph">
\<p>A service that manages identity information and provides authentication services to relying clients or SPs within a federated or distributed network.\</p>
\</div>)* federation deployment manages all logout requests and responses for participating sites. If a participating site returns an error, other participating sites might not receive their logout requests. In this scenario, PingFederate returns an error message to the end users.

The logout messages can be transported using any combination of bindings described for single sign-on (SSO) *(tooltip: \<div class="paragraph">
\<p>The process of authenticating an identity (signing on) at one website (usually with a user ID and password) and then accessing resources secured by other domains without reauthenticating.\</p>
\</div>)* (POST, artifact, or redirect). The topic for each [Single sign-on](pf_sso.html) scenario contains a diagram that illustrates these message flows.

## About session cleanup

When a service provider (SP) *(tooltip: \<div class="paragraph">
\<p>In SAML, an entity that receives and accepts an authentication assertion issued by an IdP, typically for the purpose of allowing access to a protected resource.\</p>
\</div>)* receives an SLO request from an IdP, the session creation adapters must handle any session clean-up involving the local application.