Is Zero Trust and SSO a contradiction?

Zero Trust as the name implies avoids trust relationships between services.

Single-Sign-on implements a trust relationship between services for authentication.

Consequently both concepts are contradictions, yet there are famous Zero Trust implementations like Googles BeyondCorp that use SSO.

Assuming an adversary compromises account credentials (including possible 2FA), SSO services allow access to everything, so it contradicts Zero Trust.

Is SSO always a compromise in regards to Zero Trust?

​

​

2fa access account adversary authentication beyondcorp concepts credentials cybersecurity everything name relationship relationships services sign single sso trust zero trust