Question
Should all new SaaS vendors be required to integrate with our single sign-on provider as a condition of doing business?
Background
Employees currently juggle logins across dozens of cloud tools, increasing password reuse and security risk. Standardizing on SSO improves security and user experience, but may eliminate some low-cost tools that cannot support enterprise identity protocols.
Options
- Require full SSO integration for all new SaaS vendors, with no exceptions.
- Require SSO for systems that handle sensitive or customer data, but not for low-risk tools.
- Treat SSO as a strong preference rather than a strict requirement.
- Make no change to current vendor requirements.