
To be clear, when you talk about using SSO with all your applications, are you talking about A) all of the applications your team uses e.g. SaaS like GDocs or AirTable or whatever or B) the application you are creating? e.g. in lieu of your own database?

Or maybe you mean for both?



Both. As much as possible. You'd like as many of the answers to questions about "how do you manage access to this application, know who has access to it, and ensure that people who shouldn't have access to it don't" to be "screenshots and logs from your SSO system".


I'd be interested in any opinions as to whether Keycloak is an acceptable solution for SSO wrt SOC2. (Hopefully so, as we are well committed to it.)


SOC2 doesn’t judge which SSO you use (or even if you use SSO).

If you write up your processes with your SSO provider and you follow your processes, any SSO (or none!) works.



