Linked in icon whiteLinked in icon dark blue
Adrian Ludwig
Security Advisor, Investor, CISO
Exit icon
Linked in icon whiteLinked in icon dark blue
Gerhard Eschelbeck
Exit icon
Linked in icon whiteLinked in icon dark blue
Dean Atkinson
Exit icon
Linked in icon whiteLinked in icon dark blue
Karl Mattson
Exit icon
Linked in icon whiteLinked in icon dark blue
Frank Kim
Exit icon
Linked in icon whiteLinked in icon dark blue
Shlomi Boutnaru
CTO & Co-Founder, Rezilion, CTO & Co-Founder, CyActive (Acquired by PayPal)
Exit icon
Linked in icon whiteLinked in icon dark blue
Eran Barak
Former CEO & Co-Founder, Hexadite
Exit icon
Linked in icon whiteLinked in icon dark blue
Andy Champagne
SVP, Akamai Labs, Akamai Technologies
Exit icon
Linked in icon whiteLinked in icon dark blue
Tammy Moskites
CEO/Founder CyAlliance and CISO Luminary
Exit icon
Linked in icon whiteLinked in icon dark blue
Jeff Trudeau
Fintech CISO
Exit icon
Linked in icon whiteLinked in icon dark blue
Adi Sharabani
Former CEO & co-founder of Skycure and former GM & SVP at Symantec.
Exit icon
Linked in icon whiteLinked in icon dark blue
Bhavesh Advani
VP Cybersecurity at Fidelity Investments
Exit icon
Linked in icon whiteLinked in icon dark blue
David Tsao
VP Security Engineering at Marqeta
Exit icon
Linked in icon whiteLinked in icon dark blue
Andy Ellis
Former CSO at Akamai
Exit icon
Linked in icon whiteLinked in icon dark blue
Karthik Rangarajan
Principal Security Engineer at Robinhood
Exit icon
Linked in icon whiteLinked in icon dark blue
Sameer Sait
Chief Information Security Officer, Amazon/WholeFoods
Exit icon
Linked in icon whiteLinked in icon dark blue
Michael Sutton
Founder - StoneMill Ventures / Former Chief Information Security Officer, ZScaler
Exit icon
Linked in icon whiteLinked in icon dark blue
Sounil Yu
Creator of the Cyber Defense Matrix, CISO & Head of Research at JupiterOne and former Chief Security Scientist at Bank of America
Exit icon
Linked in icon whiteLinked in icon dark blue
Omkhar Arasaratnam
Former Executive Director, Data Protection Engineering at JPMorgan Chase
Exit icon
Linked in icon whiteLinked in icon dark blue
George Kurtz
Co-Founder & CEO at CrowdStrike
Exit icon

For any request or information please email info@grip.security or fill the form.

We will get back to you as soon as possible.

Your request has been sent
Oops! Something went wrong while submitting the form.
Exit icon
back arrow white icon
Back to SaaS security glossary
oidc

What is OIDC?

Open ID Connect (OIDC), often called “Social Login”, is a standard defined to allow users to use existing authentication method/vehicle leveraging credentials used for partner trusted sites to access another site without needing to set up unique credentials. OIDC is a standard for authentication and authorization that builds on top of OAuth 2.0. It provides a way for clients to verify the identity of the end-user based on the authentication performed by an authorization server.

However, there are several security concerns that need to be considered when using OIDC:

Data leakage. Sensitive data like access tokens, ID tokens, and user profiles can leak if they are not stored or transmitted securely.

Phishing attacks. End-users can be easily tricked into revealing their OIDC credentials if phishing attacks are not prevented.

Cross-Site Request Forgery (CSRF). CSRF attacks are used to compromise OIDC authentication flows with missing security measures.

Token hijacking. Tokens can be stolen and used by unauthorized parties if they are not properly secured.

Man-in-the-middle (MITM) attacks. Attackers intercept communication between the client and the authorization SaaS service to steal sensitive information.

Insufficient logging and monitoring. Insufficient logging and monitoring can make it difficult to detect and respond to security incidents.

To mitigate these security concerns, it is important to properly implement OIDC and follow best practices, such as using SSL/TLS for all communications, implementing proper authentication and authorization controls, and regularly monitoring and logging OIDC-related activity.

oidc

Related terms

Cloud Security Posture Management (CSPM)
Cloud Security
identity

Related terms

RBAC
Cloud environment vs SaaS environment
Secure Access Service Edge (SASE)
Software-as-a-Service (SaaS)
oidc

Related terms

oidc

Related terms

oidc

Related terms

oidc

Related terms

BYOD
oidc

Related terms

Identity Risk Management
Identity Threat Detection and Response (ITDR)
Access Management
Open Authorization (OAuth)
oidc

Related terms

You might also like
Blog
April 15, 2024

The ONE Thing All Modern SaaS Risk Management Programs Do

Read article
Read article
News
December 13, 2023

Fortune: Fortune Cyber 60 Top Early-stage Companies

Read article
Watch webinar
Resources
November 16, 2023

Business Case for Grip SaaS Security Control Plane

Download
Read more

Talk to an Expert

Request a consultation and receive more information about how you can gain visibility to shadow IT and control access to these apps.

Your request has been sent
Oops! Something went wrong while submitting the form.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.