by nrvn
28 days ago
I am the one who had been using G Suite before it became Google Workspace for more than a decade. Last year I changed my email provider, cancelled the Workspace subscription and deleted the Google account only to create a new one with the same email address as a normal user. Used Google Takeout to transfer all valuable assets out. I lost access to literally nothing! SSO binds your email address as the primary account identifier in all services known to me. Does not matter what IDP you use to “sign in with”. I find this Twitter thread misleading. Unless the affected account was using @gmail.com as their primary identity. Buy a domain and set up email on a custom domain. Back up emails periodically outside of the provider to be able to switch easily if needed. Same applies to other data stored in SaaS of any kind. This is the rule of thumb if the risk of losing access to your primary IDP is critical. Assess the risk and act accordingly.
|
Do you mean that you're setting up SAML/OpenID for every service you use?
> Does not matter what IDP you use to “sign in with”.
I don't understand. The service provider needs to check the identity of the IdP, or IdP-B could impersonate user alice@foo belonging to IdP-A
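
The two account-binding choices discussed in this thread, as an added example that is not part of either comment: a relying party that looks accounts up by email alone versus by the OpenID Connect `iss` + `sub` pair. The issuer URLs, subject values, account ids and class names are constructed for illustration, and the claims are assumed to have already passed signature validation.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical IdPs this relying party accepts sign-ins from.
TRUSTED_ISSUERS = {"https://idp-a.example", "https://idp-b.example"}

@dataclass(frozen=True)
class Claims:
    iss: str    # which IdP issued the token
    sub: str    # stable user id, unique only within that issuer
    email: str

class AccountStore:
    def __init__(self) -> None:
        self.by_email = {}
        self.by_identity = {}

    def register(self, claims: Claims, account_id: str) -> None:
        self.by_email[claims.email.lower()] = account_id
        self.by_identity[(claims.iss, claims.sub)] = account_id

    def login_by_email(self, claims: Claims) -> Optional[str]:
        # Email-only binding: any accepted IdP asserting the address
        # resolves to the existing account.
        if claims.iss not in TRUSTED_ISSUERS:
            return None
        return self.by_email.get(claims.email.lower())

    def login_by_identity(self, claims: Claims) -> Optional[str]:
        # (iss, sub) binding: only the identity that registered resolves.
        if claims.iss not in TRUSTED_ISSUERS:
            return None
        return self.by_identity.get((claims.iss, claims.sub))

def demo() -> dict:
    store = AccountStore()
    # Constructed sample claims: same address, two different IdPs.
    via_a = Claims("https://idp-a.example", "a-1001", "alice@foo.example")
    via_b = Claims("https://idp-b.example", "b-77", "alice@foo.example")
    store.register(via_a, "acct-1")
    return {
        "email_binding_via_b": store.login_by_email(via_b),
        "identity_binding_via_b": store.login_by_identity(via_b),
        "identity_binding_via_a": store.login_by_identity(via_a),
    }

if __name__ == "__main__":
    print(demo())
```

With email-only binding the account survives a change of IdP, and for the same reason it is only as strong as the least careful IdP the service accepts; binding on `(iss, sub)` closes that gap but needs an explicit re-linking flow when a user changes provider.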