Ess Ess Oh. Understand the number of individual warm bodies who need access to what. In an ideal world (that may not exist) this should be aligned to job description/contract and the process for when those people are removed under any circumstance. Pay for the users you need on the platforms you use, whether that's cloud or resources for on-prem/locally managed tools. Elevate legacy systems that aren't implemented for the scale you're operating at to be managed safely on a per-user level. Tell executives/budget process/whatever/whoever these liabilities exist and need to be covered in budget.
And then, yeah, find a password manager tied into that SSO platform to fill the gaps/enforce policies for users using tools that don't have SSO available.
HR-and-manager-enforceable policies and penalties for users who go off the reservations.
And then, yeah, find a password manager tied into that SSO platform to fill the gaps/enforce policies for users using tools that don't have SSO available.
HR-and-manager-enforceable policies and penalties for users who go off the reservations.