Failure Scenario

Cloud sign-ins fail during an on-prem outage because federation introduced a hidden dependency chain.

This scenario appears when a cloud platform is expected to stay available, but the chosen authentication design still depends on on-prem services, network paths, or certificate infrastructure that fails at the same moment.

Search Cloud IdentityOpen Cloud Domain
Situation

Availability expectations and auth architecture do not always match.

Teams often assume cloud sign-in is independent once the SaaS endpoint is reachable. In practice, federation, PTA, on-prem certificate trust, or connector dependence can keep a local outage in the critical path.

What To Verify

Map the path a login actually takes.

  • Identify whether the affected users authenticate through PHS, PTA, or federation.
  • Check availability of on-prem identity services, agents, certificates, and required outbound paths.
  • Confirm whether a fallback auth path exists and is actually enabled.
  • Test from external and internal locations to compare the failure boundary.
  • Review whether the chosen model aligns with the business expectation for outage independence.
Decision Path

Use the incident to expose dependency debt.

  • Restore the least dependent auth path first if one exists.
  • Validate user sign-in across a controlled pilot group before declaring recovery.
  • Document the components that remained mandatory during the outage.
  • Feed that dependency map into future identity architecture decisions.