A system for providing a conditional single sign-on, wherein during a first access sequence a connection broker provides a first random number to a device. During a subsequent access period, the device provides encrypted user credentials to the connection broker comprising credentials of a user encrypted by a key K. The key K comprises the first random number combined with a second random number. The device further provides an encryption of the second random number to the connection broker, the second random number encrypted with a first public key held by the computer resource. The connection broker decrypts the first random number and retransmits the encryption of the second random number and the encrypted user credentials to the computing resource.