Federated identity for organizations that have never had it

If your team has 12 different sets of credentials for 12 different systems, you have a security problem and a usability problem at the same time. Federated identity solves both.

What federated identity actually does

One identity provider (IdP) becomes the source of truth for who a person is. Every other application trusts a signed assertion from that IdP instead of keeping its own password database. When someone joins, you create one account. When they leave, you disable one account, and every federated app stops accepting new logins for them at that moment. Two caveats to plan for: sessions and tokens an app has already issued stay valid until they expire, so keep lifetimes short or use an IdP that can push deprovisioning to the app (SCIM), and any local account that was never linked to the IdP is untouched by the disable.

SAML, OIDC, and the alphabet soup

SAML 2.0 is the older standard: XML assertions, most common in enterprise apps. OIDC is the newer one, a thin identity layer on top of OAuth 2.0 that hands the app a signed JSON Web Token (the ID token); it is the norm in modern SaaS and in anything with a mobile or API component. Most identity providers support both. Most apps support at least one, though check pricing: some vendors only offer SSO on a higher tier.
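What "trusting the identity provider's word" means in practice is that the app verifies the signed token and checks its claims before logging anyone in. The following is an added example, not code from the original post: a minimal OIDC ID token verifier using only the Python standard library. The issuer URL, client_id and client secret are constructed placeholders, and the token is signed with HS256 keyed by the client secret (which OIDC Core permits for confidential clients) so the example runs offline; a production IdP will usually sign with RS256 and publish its keys at a JWKS URL, in which case the signature step changes but the claim checks do not. The `mint_id_token` and `rejects` helpers exist only to exercise the verifier.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Hypothetical relying-party configuration, constructed for this example.
EXPECTED_ISSUER = "https://idp.example.com"
CLIENT_ID = "inventory-app"
CLIENT_SECRET = b"example-client-secret-not-for-production"
CLOCK_SKEW = 60  # seconds of tolerance on exp, a common relying-party default


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_id_token(claims: dict, secret: bytes = CLIENT_SECRET, alg: str = "HS256") -> str:
    """Build a compact JWT the way an IdP would, so the verifier below has input.
    OIDC Core 10.1 lets a confidential client's secret key an HS256 ID token;
    production IdPs mostly use RS256 with keys published at their JWKS URL."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    if alg == "none":  # unsigned token, only produced for the negative test
        return signing_input + "."
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_id_token(token: str, expected_nonce: str, now: Optional[float] = None) -> dict:
    """Validate an ID token (OIDC Core 3.1.3.7) and return its claims.
    Raises ValueError on any failure; the caller must not log the user in then."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))

    # 1. Pin the algorithm. Accepting whatever the header says is how
    #    'alg: none' and key-confusion bugs get exploited.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")

    # 2. Verify the signature before acting on a single claim.
    expected = hmac.new(CLIENT_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))

    # 3. The issuer must be the IdP we configured, not the one the token names.
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("wrong issuer")
    # 4. Our client_id must be in aud; a token minted for another app is not ours.
    aud = claims.get("aud")
    if CLIENT_ID not in ([aud] if isinstance(aud, str) else (aud or [])):
        raise ValueError("token not intended for this client")
    # 5. Expiry. Note what this does not cover: a token issued before the account
    #    was disabled at the IdP stays valid until exp, so keep lifetimes short.
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] + CLOCK_SKEW < now:
        raise ValueError("token expired or missing exp")
    # 6. The nonce ties the token to the login request this browser started.
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    if not claims.get("sub"):
        raise ValueError("missing subject")
    return claims


def rejects(token: str, nonce: str, now: float) -> bool:
    """True when verify_id_token refuses the token; used to exercise failure cases."""
    try:
        verify_id_token(token, nonce, now=now)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    now = time.time()
    good = {"iss": EXPECTED_ISSUER, "aud": CLIENT_ID, "sub": "alice",
            "iat": now, "exp": now + 300, "nonce": "n-1"}
    print(verify_id_token(mint_id_token(good), "n-1")["sub"])
    print(rejects(mint_id_token(good, alg="none"), "n-1", now))
```

The order of the checks is deliberate: the algorithm is pinned from configuration rather than read from the token, the signature is verified before any claim is parsed for decisions, and issuer, audience and nonce are compared against values the app already holds. Step 5 is also where the deprovisioning caveat shows up in code: nothing in the token tells the app that the IdP disabled the account after issuing it.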

The migration path

  1. Pick the identity provider. Microsoft Entra ID (formerly Azure AD, the directory behind Microsoft 365), Google Workspace, or Okta are common choices.
  2. Inventory every app that has its own login.
  3. Sort the list by how many people use the app and how sensitive the data is.
  4. Migrate the top of the list first. Federated apps move from password-only to SSO; once SSO works for everyone, turn off the app's local password login so the identity provider is the only door.
  5. Apps that cannot federate either get the password manager treatment (a unique generated password in a shared vault, plus the app's own MFA where it has one) or get retired.
