Is SSO per organization or per app

I was wondering, is SSO tied to the entire organization or tied to a specific app?

Meaning, if we enable SSO, do we enable it on an app-by-app basis? Or once we enable it, we must use it for all apps?

SSO will be configured per application.