
ShoichiroK.00155 (LAC Co., Ltd) さんが質問をしました。
Hi everyone,
I have a question regarding the integration between Box and Okta.
In the Box SSO settings, there are two modes: "SSO Test Mode" and "SSO Required". I am curious if you are actually using the "SSO Required" mode in your environments.
While I understand that restricting logins exclusively to SSO is the best practice from a security perspective, I am concerned about the risk of being completely locked out of Box in the event of an Okta outage or a misconfiguration. Because of this, I feel it might be safer not to enforce SSO strictly.
I would love to hear your thoughts on the following points regarding real-world operations:
- Use cases where you enable "SSO Required" (or reasons why you intentionally avoid it).
- Realistic best practices, including ways to prevent lockouts (e.g., excluding admin accounts from the SSO requirement).
If anyone has experience or insights on this, your advice would be greatly appreciated.
