Identity Security
SaaS-to-IdP Federation Hardening
5 weeks · Remote
We inventory SAML and OIDC connections, identify weak certificate practices, and align token lifetimes with incident response realities. Vendor-specific quirks are documented without advocating lock-in.
₩15,400,000 (KRW)
Included focus areas
- Federation inventory with secret rotation plan
- Token lifetime recommendations with UX tradeoffs
- Emergency session revocation drills
- Partner B2B access review checklist
- Logging coverage matrix for federation failures
- Runbooks for vendor-side outages
- Posture comparison against CIS SaaS benchmarks
Outcomes
- Fewer long-lived tokens without business justification
- Documented escalation paths when IdP or SaaS degrades
- Cleaner audit trail for third-party access
FAQ
Do you configure SaaS tenants directly?
We pair with your administrators. We do not retain standing admin rights after the engagement.
What about consumer logins?
Consumer flows are out of scope unless they share infrastructure with workforce tenants.
Is SCIM in scope?
Yes, when it affects lifecycle integrity. Depth depends on your provisioning maturity.
Experience notes
They caught three vendors still using SHA-1 metadata we had mentally retired years ago.
Token lifetime advice was conservative in a helpful way; UX pushback was anticipated in the write-up.