AAAI-02
Critical
Weight: 10

Local Authentication Protocol Support

Plain English Explanation

This question asks about your backup plan when SSO isn't available. Local authentication means users can create accounts directly in your system with usernames and passwords you manage. It's asking what security standards you follow for these direct logins - things like how passwords are hashed and stored, how login attempts are validated, and what protocols you use to keep these credentials safe.

Business Impact

While SSO is preferred, many organizations need local authentication for specific use cases like emergency access, external contractors, or during SSO outages. Poor local authentication can become a backdoor vulnerability that undermines all other security measures. Strong local authentication protocols ensure business continuity when SSO fails and provide flexibility for diverse user populations. Without proper local authentication, you risk security breaches that could cost millions in damages and destroy customer trust.

Common Pitfalls

Many companies implement basic username/password login without using a modern password-hashing algorithm such as bcrypt or Argon2. Another common mistake is not implementing rate limiting or account lockout mechanisms, leaving the system vulnerable to brute-force attacks. Teams often overlook the importance of secure password recovery flows, which can become the weakest link in authentication security.
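The following Python sketch is an added example, not part of the original question text, showing the two controls the pitfalls above call out: salted, slow password hashing and a failed-attempt lockout. It uses hashlib.scrypt from the standard library as a stand-in for bcrypt/Argon2, and the policy values (5 attempts, 15-minute lock) are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Dict, Optional

# Policy constants (assumed values for this example; tune to your threat model)
MAX_FAILED_ATTEMPTS = 5      # lock the account after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60    # how long the lock lasts
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, dklen=32)  # memory-hard KDF settings


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0


def hash_password(password: str, salt: bytes) -> bytes:
    # scrypt stands in for bcrypt/Argon2 here: memory-hard and slow by design,
    # so offline cracking of a leaked digest is expensive. Never store plaintext.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


class LocalAuthStore:
    def __init__(self) -> None:
        self._accounts: Dict[str, Account] = {}
        # Dummy record so unknown usernames cost the same KDF work as real ones,
        # which keeps response timing from revealing whether a user exists.
        self._dummy = Account(os.urandom(16), b"\0" * 32)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)                      # per-user random salt
        self._accounts[username] = Account(salt, hash_password(password, salt))

    def verify(self, username: str, password: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'locked', or 'bad_credentials'."""
        now = time.time() if now is None else now
        account = self._accounts.get(username, self._dummy)
        if now < account.locked_until:
            return "locked"
        candidate = hash_password(password, account.salt)
        matched = hmac.compare_digest(candidate, account.digest)  # constant-time compare
        if account is self._dummy:
            return "bad_credentials"               # unknown user; KDF work was still done
        if matched:
            account.failed_attempts = 0
            return "ok"
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked_until = now + LOCKOUT_SECONDS
            account.failed_attempts = 0
        return "bad_credentials"
```

A production system would persist the counters and lock state so they survive restarts and apply across instances, and would pair the per-account lock with per-IP rate limiting.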

Question Information

Category: Authentication, Authorization, and Account Management
Question ID: AAAI-02
Version: 4.1.0
Importance: Critical
Weight: 10/10
