Code Room
System design | Hard | sd-g225
Subject: SSO
Level: Senior–Staff
Time: ~40 min
Common in: Distributed systems interviews
Industries: Technology, Software development

Question

Design enterprise SSO for a SaaS that must federate with thousands of customer identity providers (a mix of SAML and OIDC) and keep user lifecycle in sync — when HR offboards an employee in the customer's IdP, that user must lose access on your side within minutes, not at next login. Cover the login flow, how you map an external identity to your internal account without collisions across customers, JIT provisioning vs SCIM for lifecycle, and how you handle a customer's IdP signing-cert rotation without breaking their login.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
