Automatic

SSO promises one login to rule them all — but when it's misconfigured or blindly trusted, that convenience becomes a single point of catastrophic failure. This episode breaks down exactly where SSO goes wrong and how to build it right.

Show Notes

Single sign-on is one of the most appealing fixes in modern IT: collapse a dozen login screens into one seamless experience and move on. But the very design that makes SSO so attractive — centralizing trust in a single identity layer — is also what makes it so consequential when things go sideways. This episode of Automatic digs into the hidden risks behind SSO adoption, drawing on an in-depth look at where SSO implementations break down to surface the patterns teams consistently miss until something breaks badly.
The episode walks through the full landscape of SSO risk — from everyday configuration mistakes to cascading outages — covering:
  • The centralization trap: How SSO quietly rewires a team's mental model of risk, turning a convenience win into a concentrated, high-value target.
  • Weak front-door authentication: Why SSO security is only as strong as the credentials and MFA policies protecting that first login — and why everything downstream inherits whatever weakness lives there.
  • Privilege creep at scale: How stale permissions, inherited group memberships, and forgotten access rights pile up silently inside identity providers — and why a single successful login can unlock far more than it should.
  • The forgotten side doors: Legacy login pages, local admin accounts, and emergency access paths that survive long after the polished SSO rollout — and quietly undermine everything built on top of it.
  • Token and session risk: How long-lived tokens, loose federation trust, and weak reauthentication policies let a brief moment of compromise stretch into prolonged exposure.
  • Availability as a security problem: Why a single expired signing certificate or misconfigured redirect URI can lock an entire organization out of email, dashboards, and workflows simultaneously — and what resilience planning actually looks like before that happens.
The episode closes with a practical framing for teams who want SSO to deliver on its promise: treat identity infrastructure with the same rigor as any other system that can stop the business cold. That means phishing-resistant MFA, least-privilege access design, regular role reviews, tested backup paths, and clear incident response plans — not as afterthoughts, but as the foundation SSO sits on. For more on the risks hiding inside AI-powered infrastructure decisions, check out the episode What CTOs Keep Forgetting When Building a Private LLM Stack.

What is Automatic?

Podcast for Automatic.co and LLM.co, the AI automation specialists.