
ACCESS VIOLATIONS

Find and fix access violations in SaaS

Local SaaS logins create an easy path around SSO and MFA. Spot and eliminate misconfigured access policies so every user authenticates through secure controls.

Challenge

SSO enabled doesn’t mean SSO enforced

Even with IAM in place, app owners can misconfigure settings or grant exceptions that create persistent backdoors around your controls.

  • Without SSO, attackers only need a stolen password to break in
  • Auditors levy fines and breaches are amplified when users don’t use MFA
  • Local access lets terminated employees retain access to corporate systems
  • Manual review of SaaS logs makes it tough to detect access violations

  • 78% of SaaS apps are not behind SSO
  • 55% of SaaS that have local login access sensitive data
  • 25% increase in SaaS without SSO controls every three months

Solution

Enforce secure authentication controls across your environment

Find and eliminate every direct authentication path between users and SaaS to enforce strict, consistent access controls through your identity perimeter.


Reduce breach risk

Easily spot local access misconfigurations and SSO bypass.

Confirm offboarding

Fix misconfigurations that allow authentication by legacy accounts.

Enforce SSO and MFA

Bring every app and account into compliance with access policy.

Find shadow SaaS

Find and secure unmanaged SaaS and block unsanctioned apps.

Use Cases

Prevent access violations in SaaS

Review misconfigurations that allow local authentication and global policy bypass, including for legacy accounts.

85%

reduction in SaaS attack surface

Bring hidden SaaS under centralized access controls to enforce secure authentication and compliance.

100%

Shadow SaaS discovery

Spot evidence of direct login events to secure user authentication.

+49M

users protected


Frequently asked questions

What is a direct login access violation in SaaS environments?

A direct login access violation occurs when users access SaaS applications using local credentials instead of single sign-on (SSO), often bypassing intended security controls and multi-factor authentication.

Why do direct login access violations persist in organizations?

Despite SSO configuration, direct logins can persist due to legacy local accounts, break-glass credentials, misconfigured conditional access policies, and SaaS apps that still allow non-SSO authentication paths.

How does Obsidian Security detect direct login violations?

Obsidian continuously monitors SaaS environments via API connections and additionally leverages visibility from its browser extension to identify evidence of local account logins. Together, these methods ensure real-time, high-fidelity detection.

What operational challenges arise from manual detection of access violations?

Manual reviews require correlating SaaS, IdP, and network logs, interviewing users, and collecting evidence, leading to high operational costs and delays in detecting and responding to security incidents.

What are the risks of undetected direct login access?

Persistent violations increase compliance risk, raise operational costs, weaken incident response times, and decrease confidence among customers and auditors.

How does Obsidian improve access policy enforcement compared to traditional methods?

Obsidian automates the detection of policy drift in real time and provides clear evidence for remediation, reducing reliance on periodic manual reviews and minimizing unnoticed violations.

Why is it important to distinguish between SSO and direct login in access logs?

Knowing the difference helps teams quickly identify unauthorized access routes, prevent MFA bypass, and ensure only approved authentication methods are used.
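The log correlation described in the answers on manual detection and on telling SSO from direct login can be sketched as follows. This is an added example, not Obsidian's product logic: the field names, the sample events and the two-minute matching window are constructed assumptions, and each SaaS login record is assumed to be a fresh authentication rather than a session refresh.

```python
from datetime import datetime, timedelta

# Constructed sample data; field names are hypothetical, real log schemas differ.
IDP_SSO_EVENTS = [  # assertions the IdP issued for an app
    {"user": "alice@example.com", "app": "crm", "time": "2024-05-01T09:00:05", "mfa": True},
    {"user": "bob@example.com", "app": "crm", "time": "2024-05-01T09:10:00", "mfa": False},
]
IDP_ACTIVE_USERS = {"alice@example.com", "bob@example.com", "carol@example.com"}
SAAS_LOGINS = [  # login events reported by the SaaS app itself
    {"user": "alice@example.com", "app": "crm", "time": "2024-05-01T09:00:09"},
    {"user": "bob@example.com", "app": "crm", "time": "2024-05-01T09:10:03"},
    {"user": "carol@example.com", "app": "crm", "time": "2024-05-01T11:30:00"},
    {"user": "dave@example.com", "app": "crm", "time": "2024-05-01T23:45:00"},
    {"user": "alice@example.com", "app": "crm", "time": "2024-05-01T15:00:00"},
]
WINDOW = timedelta(minutes=2)  # assumed max delay between IdP assertion and SaaS login


def classify_logins(saas_logins, sso_events, active_users, window=WINDOW):
    """Label each SaaS login by whether an IdP assertion backs it."""
    by_key = {}
    for ev in sso_events:
        by_key.setdefault((ev["user"], ev["app"]), []).append(
            (datetime.fromisoformat(ev["time"]), ev["mfa"]))
    findings = []
    for login in saas_logins:
        when = datetime.fromisoformat(login["time"])
        # An assertion counts only if it precedes the login within the window.
        matches = [mfa for t, mfa in by_key.get((login["user"], login["app"]), [])
                   if timedelta(0) <= when - t <= window]
        if login["user"] not in active_users:
            verdict = "offboarded_account_login"  # local account outlived the IdP identity
        elif not matches:
            verdict = "direct_login_no_sso"       # no IdP assertion backs this login
        elif not any(matches):
            verdict = "sso_without_mfa"           # SSO was used, but MFA was not
        else:
            verdict = "sso_with_mfa"
        findings.append((login["user"], login["time"], verdict))
    return findings


if __name__ == "__main__":
    for row in classify_logins(SAAS_LOGINS, IDP_SSO_EVENTS, IDP_ACTIVE_USERS):
        print(*row, sep="  ")
```

Approved exceptions such as break-glass accounts would need an allowlist in front of the `direct_login_no_sso` verdict so they are reviewed separately rather than mixed in with misconfigurations.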