SSO is almost everywhere, and once embedded it is as hard to dig out as a tick. It is a battle I have been fighting the last year, those in charge want things easy for the employees and the employees don't want to have to remember lots of passwords. I get it.
But I get paid to worry, and what I see is an attacker breaking the SSO password and now having access to all the applications our employees use, many of which have access to both personal Personally Identifiable Information (Pii) as well as Health information. So the issue is really simple, the user need only remember one password a