The 3 Levels of IdP Risk Mitigation

User identities have gone through a meteoric rise in prominence, for good and for bad. Centralization, integration, and automation have allowed for richer, easier user access experiences with reduced administration, but they have also created a complex, ever-changing system that is both easier to break and more attractive to attackers. More integrations, often with automation, make for more, bigger changes. More changes by more sources make it harder for attacks to be detected. The breach history of Identity and Access Management (IAM) solutions paints this picture clearly.

All this has made identity providers (IdPs) a central part of any access management plan and an increasingly important risk to manage. A backup and recovery plan cannot protect you if your identity provider is unavailable. When this happens, what options are available?