Code Room
On-call · Hard · oc-g068
Subject: Third party down
Level: Senior–Staff · ~40 min
Common in: Security · Reliability & on-call interviews
Industries: Technology, Software development

Question

Your SaaS app uses a third-party identity provider (Auth0-style) for all social and SSO login. At 09:05 support reports a flood of 'can't log in' tickets. Dashboards: your login success rate dropped from 99% to 12%; the IdP's token endpoint is returning 500s and its JWKS endpoint is timing out. Existing logged-in sessions are unaffected. You shipped a config change to your IdP tenant 40 minutes ago that rotated a signing key. The IdP's public status page says 'all systems operational.' How do you triage and mitigate?

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
