The irony is that an IdP (identity provider) with SAML-based Single-Sign On is supposed to be another line of defense alongside MFA. It’s like the security company you hired for your gated community hiring ex-cons!
If you’re using OKTA for MFA but still have something else as a reliable primary source of authentication, then it’s safer against one or the other being compromised.
If you’re using OKTA’s (or any one provider’s) services for primary login and MFA, then depending on the extent they get compromised, yeah: all eggs, one basket
is this one of those ‘keeping all your eggs in one basket’ kinda things?
The irony is that an IdP (identity provider) with SAML-based Single-Sign On is supposed to be another line of defense alongside MFA. It’s like the security company you hired for your gated community hiring ex-cons!
Depends on how you’re set up.
If you’re using OKTA for MFA but still have something else as a reliable primary source of authentication, then it’s safer against one or the other being compromised.
If you’re using OKTA’s (or any one provider’s) services for primary login and MFA, then depending on the extent they get compromised, yeah: all eggs, one basket