A system and method for providing secure Single-Sign-On (SSO) authentication in a zero-knowledge architecture. A first server component may operate as a first relying party in a first SSO flow. When the user of an application successfully authenticates to a first identity provider, a first part of a secret key may be provided to the application. Additionally, a second server component may operate as a second relying party in a second SSO flow. When the first part of the secret key is received by the application, authentication information may be provided to a second identity provider. Based on a successful authentication, a second part of the secret key may be provided to the application. The first and second parts of the secret key may be combined by the application to generate a final secret key that may be used to decipher encrypted user data.