SSO is based on AssumeRole, which issues temporary credentials (session tokens) instead of using static credentials. SSO-like centralized access management is important for proving that when someone leaves your company, you cut off their access to all data and systems; that is much easier to do when everyone uses SSO.
SOC2 doesn’t specify git branch logistics. In general you need to prove all system changes were reviewed, justified, and approved by another person. The goal is that no single person can deploy unsupervised production system changes, and that the justification for changes was approved and documented. How you do that is all in the art of IT.