Security concerns around SSO and Account Opening Flows
SAML Security Concerns: A → B → back to A SAML Security Concerns Threat Model User starts at Web App A → triggers SAML SSO to Web App B (SP)…
OAuth for Individual Users vs. Service Accounts — Q&A
OAuth vs. Service Accounts — Q&A Q. Is OAuth used for individual users or service accounts? A. OAuth is primarily used for individual users to authenticate and grant delegated access…
SSO with MFA – SaaS Service
SSO with MFA - for SaaS Services Q1: If a SaaS service supports SSO, does that automatically mean it supports MFA? Answer: No, it does not automatically mean MFA is…
Isolating Browser Sessions – In the Cloud and Locally
Browser Isolation Options for Whitelisted Site Access To isolate browsers so they only allow access to whitelisted sites, organizations can choose from several architectural options. Below are three major…
SAML-Based SSO: Source IP for IdP and SP Initiated Flows
SAML-Based SSO: Source IP for IdP and SP Initiated Flows SP-Initiated SSO Flow Summary: The user starts at the Service Provider (SP), which redirects them to the Identity Provider (IdP)…
Capturing a Second Factor Before Full Trust
Capturing a Second Factor Before Full Trust: A Smarter Onboarding Flow In most traditional account creation flows, users are granted full access right after setting up a username and password.…
Enforcing a Second Factor in Entra ID: How to Secure Users Who Never Had One
Enforcing a Second Factor in Entra ID: How to Secure Users Who Never Had One If a user isn’t using a second factor, they’re a risk. Many organizations still have…
Inbound versus Outbound SSO
🔐 Inbound SSO (Single Sign-On) Definition: Inbound SSO means users from an external identity provider (IdP) can sign into your application or service using their existing credentials. Your application becomes the…
OAuth – a primer
Understanding OAuth: Client Types, Flows, and Key Concepts OAuth is the backbone of modern API security, enabling controlled access to resources without sharing user credentials. At its core, OAuth is…
Two OAuth Flows – Public and Private
Public Flow - Through the Browser, Token returned to the browser. Implicit Grant Flow Private/Confidential Clients (Backend OAuth Flow), Client Credentials Flow Public clients use different authorization flows, like…