Grip SaaS Security Control Plane (SSCP) is a SaaS identity risk management platform that discovers, governs, and secures SaaS applications — including those not integrated with Single Sign-On (SSO) or lacking support for federated authentication protocols such as SAML or OIDC. The platform automatically discovers and maps unsanctioned and shadow SaaS applications across an organization, providing visibility into identity risk across both federated and unfederated apps. It extends governance beyond SSO-integrated applications, identifying apps where users access services with local credentials rather than through an identity provider. Key capabilities include: - Shadow SaaS discovery: Identifies thousands of unsanctioned SaaS apps in use across an organization, including shadow tenants of SSO-governed apps (e.g., Slack, Salesforce, GitHub). - Identity risk prioritization: Builds a unified identity risk profile to prioritize which SaaS apps should be integrated with SSO and flag SSO bypass behaviors. - MFA enforcement: Identifies unfederated SaaS apps for MFA rollout initiatives and monitors adoption and risk. - License cost reduction: Detects redundant or overlapping SaaS apps and enables SAML-less SSO governance without requiring enterprise license upgrades. - Workflow automation: Integrates with Okta Workflows to automate user onboarding, offboarding, SaaS justification reporting, and credential rotation for unfederated apps. - Breach remediation: Automatically rotates passwords for affected users in unfederated systems following a breach. The platform deploys in approximately 10 minutes with no agents or proxies required.