• Brkdncr@sh.itjust.works
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    11 months ago

    They handle it better and your options to respond are better.

    You can immediately invalidate all associations for instance. You can revalidate them too once your identity provider is back up and running. Okta is going through this right now I believe, but I haven’t been paying a whole lot of attention to it.

    There’s no password with federated sites. It’s certificates to prove the connection is valid, and tokens.

    The federated website could chose to save nothing about you. It would make it a lot easier for them to do so, as it means less resources to manage, and less PII to be concerned about storing.