This set builds vocabulary for enterprise authentication and centralized identity management.
1 / 5
At standup, a dev mentions logging into multiple company tools with one set of credentials managed by a central identity provider. What is this capability called?
Single sign-on (SSO) lets a user authenticate once with a central identity provider and gain access to multiple connected applications without re-entering credentials for each one. This centralizes both convenience and security control in one place. It is a standard requirement for enterprise software procurement.
2 / 5
During a design review, the team discusses the XML-based protocol commonly used for enterprise SSO integrations with identity providers like Okta. Which protocol fits?
SAML (Security Assertion Markup Language) is an XML-based protocol widely used for enterprise single sign-on, allowing an identity provider to assert a user's authenticated identity to a service provider application. It remains common in enterprise contexts alongside newer protocols like OIDC. Supporting SAML is often a prerequisite for selling software to larger organizations.
3 / 5
In a code review, a dev references the entity that authenticates the user and issues the assertion consumed by the application. What is this entity called?
The identity provider (IdP) is the system, such as Okta or Azure AD, responsible for authenticating the user and issuing the signed assertion that the connected application (the service provider) trusts to confirm identity. This separation of concerns lets one IdP centrally manage access across many applications. It is a foundational concept in enterprise identity architecture.
4 / 5
An incident report shows a former employee retained access to a company tool after leaving because their account wasn't deprovisioned centrally. What SSO benefit was not being leveraged?
One of the key security benefits of SSO is that disabling a user's account at the identity provider can immediately cut off access across every connected application, rather than requiring manual deprovisioning in each individual tool. If this centralized process isn't followed reliably, former employees can retain unintended access. This gap is a common finding in access-control incident reviews.
5 / 5
During a PR review, a teammate asks why the company requires SSO integration for new internal tools instead of allowing individual app passwords. What is the reasoning?
Requiring SSO centralizes authentication policy, multi-factor enforcement, and access revocation across every connected tool, rather than leaving each application to manage its own password security. This consistency significantly reduces the attack surface and administrative overhead compared to scattered individual credentials. It is why SSO is a common baseline requirement in enterprise security policy.