Validating the security credentials
Whatever method of retrieval is used, there needs to be a paper trail that records who checked out the credentials, how long they held them and, most importantly, why the credentials were needed. Keep in mind, however, that a good reason for checking out the credential does not guarantee that is what the credential was actually used for.
Organizations may also require that fine-grained auditing and logging be turned on for the duration of the session. If an organization is severely paranoid, it is possible to use the “two-key” process, where two privileged users, or the user and a knowledgeable security person, sit at a terminal and one does the work while the other monitors all activities.
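The gap the two paragraphs above describe, between why a credential was checked out and what it was actually used for, is what the reconciliation below checks. It is an added example, not code from the original article or from any vault product: it assumes a hypothetical checkout ledger and a session-recorder activity log, both constructed inline, and flags checkouts with no justification, checkouts held longer than a policy limit, and credential use that falls outside any checkout window.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Checkout:
    """One credential checkout as a hypothetical vault ledger would export it."""
    user: str
    credential: str
    start: datetime
    end: datetime
    reason: str


@dataclass
class Activity:
    """One privileged action as a hypothetical session recorder would log it."""
    credential: str
    at: datetime
    action: str


ts = datetime.fromisoformat

# Constructed sample ledger: alice's checkout is justified and short, bob's is neither.
CHECKOUTS = [
    Checkout("alice", "db-admin", ts("2024-03-01T09:00"), ts("2024-03-01T09:30"), "CHG-1042: rotate replica password"),
    Checkout("bob", "db-admin", ts("2024-03-01T13:00"), ts("2024-03-01T16:00"), ""),
]

# Constructed sample session activity; the 11:45 entry has no covering checkout.
ACTIVITY = [
    Activity("db-admin", ts("2024-03-01T09:10"), "ALTER USER replica"),
    Activity("db-admin", ts("2024-03-01T11:45"), "SELECT * FROM customers"),
    Activity("db-admin", ts("2024-03-01T14:20"), "DROP TABLE audit"),
]


def audit(checkouts, activity, max_duration=timedelta(hours=2)):
    """Return findings that an auditor should follow up on."""
    findings = []
    for c in checkouts:
        if not c.reason.strip():
            findings.append(f"no justification: {c.user} checked out {c.credential} at {c.start.isoformat()}")
        if c.end - c.start > max_duration:
            findings.append(f"long checkout: {c.user} held {c.credential} for {c.end - c.start}")
    for a in activity:
        # Use is only explained if some checkout of that credential spans the timestamp.
        covered = any(c.credential == a.credential and c.start <= a.at <= c.end for c in checkouts)
        if not covered:
            findings.append(f"use without checkout: {a.credential} at {a.at.isoformat()} ({a.action})")
    return findings
```

Matching a checkout window only shows that use was authorised in time; whether the recorded actions fit the stated reason is still a judgement the reviewer has to make.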
Finally, not to be forgotten is the principle that “good people generally do good things.” The security team should train and work with the organization’s development team to emphasize the ideology that, as Spiderman’s uncle put it, “With great power comes great responsibility.” Enterprise SSO products have matured over the years, so what’s the state of enterprise SSO today?