enabling through security

Security incidents and events are inevitable, but some tried and true methods can help reduce their likelihood and impact, and hopefully keep folks from working around the clock on investigations and remediation.

  • Why I like LDAP (and you should too)

    20-year-old SAML is great, and it’s essential for web apps where you can’t establish a direct trust between the identity service and downstream system, but truth be told, I still prefer its 31-year-old cousin: LDAP. In an enterprise environment, in my mind, there are three realistic options for a primary / centralized…

  • The real problem with database service accounts

    Inevitably, all systems have service accounts, from Administrator on Windows to root on Linux and sa on legacy databases. Service accounts are a necessary part of doing business, but the goal needs to be that no humans (authorized or malicious) have access to any credential which is not their own. For most systems we’ve solved…