@kennwhite I wonder if they’ve ever considered running their own internal SSO. It’s probably still a bad call, but considering how high-value they are, they incur non-negligible risk attackers pivoting into them from compromised vendors. And their business is credential management….