We use cookies to offer you a better browsing experience. By using our website, you consent to all cookies in accordance with our privacy policy.
I Accept

Gain more technical details on how you can get a Grip on your SaaS Security.

Fill out the form and we’ll send you our Datasheet.

Your request has been sent
Oops! Something went wrong while submitting the form.
Exit icon

Visibility and control across nearly all your SaaS apps. Too good to be true?

Give us a test drive.
Fill out the form and we’ll get in touch with you.

We're getting a grip on your request
Oops! Something went wrong while submitting the form.
Exit icon
Linked in icon whiteLinked in icon dark blue
Shlomi Boutnaru
CTO & Co-Founder, Rezilion, CTO & Co-Founder, CyActive (Acquired by PayPal)
Exit icon
Linked in icon whiteLinked in icon dark blue
Eran Barak
Former CEO & Co-Founder, Hexadite
Exit icon
Linked in icon whiteLinked in icon dark blue
Andy Champagne
SVP, Akamai Labs, Akamai Technologies
Exit icon
Linked in icon whiteLinked in icon dark blue
Tammy Moskites
CEO/Founder CyAlliance and CISO Luminary
Exit icon
Linked in icon whiteLinked in icon dark blue
Jeff Trudeau
Fintech CISO
Exit icon
Linked in icon whiteLinked in icon dark blue
Adi Sharabani
Former CEO & co-founder of Skycure and former GM & SVP at Symantec.
Exit icon
Linked in icon whiteLinked in icon dark blue
Bhavesh Advani
VP Cybersecurity at Fidelity Investments
Exit icon
Linked in icon whiteLinked in icon dark blue
David Tsao
VP Security Engineering at Marqeta
Exit icon
Linked in icon whiteLinked in icon dark blue
Andy Ellis
Former CSO at Akamai
Exit icon
Linked in icon whiteLinked in icon dark blue
Karthik Rangarajan
Principal Security Engineer at Robinhood
Exit icon
Linked in icon whiteLinked in icon dark blue
Sameer Sait
Chief Information Security Officer, Amazon/WholeFoods
Exit icon
Linked in icon whiteLinked in icon dark blue
Michael Sutton
Founder - StoneMill Ventures / Former Chief Information Security Officer, ZScaler
Exit icon
Linked in icon whiteLinked in icon dark blue
Sounil Yu
Creator of the Cyber Defense Matrix, CISO & Head of Research at JupiterOne and former Chief Security Scientist at Bank of America
Exit icon
Linked in icon whiteLinked in icon dark blue
Omkhar Arasaratnam
Former Executive Director, Data Protection Engineering at JPMorgan Chase
Exit icon
Linked in icon whiteLinked in icon dark blue
George Kurtz
Co-Founder & CEO at CrowdStrike
Exit icon

For any request or information please email info@grip.security or fill the form.

We will get back to you as soon as possible.

Your request has been sent
Oops! Something went wrong while submitting the form.
Exit icon
back arrow white icon
Back to SaaS security glossary
oidc

What is OIDC?

Open ID Connect (OIDC), often called “Social Login”, is a standard defined to allow users to use existing authentication method/vehicle leveraging credentials used for partner trusted sites to access another site without needing to set up unique credentials. OIDC is a standard for authentication and authorization that builds on top of OAuth 2.0. It provides a way for clients to verify the identity of the end-user based on the authentication performed by an authorization server.

However, there are several security concerns that need to be considered when using OIDC:

Data leakage. Sensitive data like access tokens, ID tokens, and user profiles can leak if they are not stored or transmitted securely.

Phishing attacks. End-users can be easily tricked into revealing their OIDC credentials if phishing attacks are not prevented.

Cross-Site Request Forgery (CSRF). CSRF attacks are used to compromise OIDC authentication flows with missing security measures.

Token hijacking. Tokens can be stolen and used by unauthorized parties if they are not properly secured.

Man-in-the-middle (MITM) attacks. Attackers intercept communication between the client and the authorization SaaS service to steal sensitive information.

Insufficient logging and monitoring. Insufficient logging and monitoring can make it difficult to detect and respond to security incidents.

To mitigate these security concerns, it is important to properly implement OIDC and follow best practices, such as using SSL/TLS for all communications, implementing proper authentication and authorization controls, and regularly monitoring and logging OIDC-related activity.

oidc

Related terms

RBAC
SaaS Identity Sprawl
Software-as-a-Service (SaaS)
Cloud environment vs SaaS environment
oidc

Related terms

oidc

Related terms

oidc

Related terms

oidc

Related terms

BYOD
oidc

Related terms

Identity Threat Detection and Response (ITDR)
Identity Risk Management
Identity Attack Surface Management (IASM)
Identity Provider
oidc

Related terms

Cloud Security
oidc

Related terms

To learn more,
contact us

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Your request has been sent
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Talk to a SaaS Security Expert Today

Your request has been sent
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Talk to a SaaS Security Expert Today

Your request has been sent
Oops! Something went wrong while submitting the form.