Code Room
System design | Hard | sd-g613
Subject: Authentication / SSO | Level: Senior–Staff | ~50 min | Common in Security interviews | Industries: Technology

Question

Design a centralized authentication and SSO service for a SaaS company with 40M end users across 3,000 enterprise tenants, supporting OIDC/SAML federation, social login, and step-up MFA. Target p99 token-validation latency under 15ms at 200k authentications/sec at peak, with availability of 99.99%. A compromised tenant must never let an attacker mint tokens for another tenant, and a stolen long-lived session should be revocable within seconds. Walk through the components, the token model, and how you handle per-tenant signing keys and revocation.

What a strong answer looks like

Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.
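One concrete way to meet two of the question's hard requirements, tenant-bound signing keys and revocation within seconds, as an added illustration that is not part of the site's material. The tenant names, key bytes, session ids and the symmetric HMAC scheme are constructed stand-ins; a real deployment would hold a per-tenant asymmetric key pair and publish only the public half.

```python
import base64, hashlib, hmac, json, time

# Constructed key store. Keys are addressed by (tenant_id, kid), never by kid alone,
# so a key belonging to one tenant can never validate a token for another tenant.
# HMAC keeps the example offline; a real deployment would hold a per-tenant
# asymmetric key pair and publish only the public half through JWKS.
TENANT_KEYS = {
    ("acme", "k1"): b"constructed-acme-key",
    ("globex", "k1"): b"constructed-globex-key",
}
# Stand-in for a replicated revocation set keyed by session id; because access
# tokens are short-lived, entries only need to live for one token TTL.
REVOKED_SIDS = set()

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(key, header, payload):
    # Compact header.payload.signature token, HS256 over the first two parts.
    signing_input = _b64(json.dumps(header).encode()) + "." + _b64(json.dumps(payload).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def mint(tenant, kid, sub, sid, ttl=300, now=None):
    # Issuer side: the tenant claim is bound to the key that signs the token.
    now = time.time() if now is None else now
    return sign(TENANT_KEYS[(tenant, kid)], {"alg": "HS256", "kid": kid},
                {"tid": tenant, "sub": sub, "sid": sid, "exp": now + ttl})

def validate(token, expected_tenant, now=None):
    # Resource side: returns the claims on success, None on any failure.
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header, claims, sig = json.loads(_unb64(h)), json.loads(_unb64(p)), _unb64(s)
        tid, sid, exp = claims["tid"], claims["sid"], float(claims["exp"])
        # Key chosen by the tenant this resource serves plus kid; the token's alg/tid never select it.
        key = TENANT_KEYS[(expected_tenant, header["kid"])]
    except (ValueError, KeyError, TypeError):
        return None
    good_sig = hmac.compare_digest(hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest(), sig)
    if not good_sig or tid != expected_tenant or exp <= now or sid in REVOKED_SIDS:
        return None
    return claims

def revoke(sid):  # effective on the next validation, not at token expiry
    REVOKED_SIDS.add(sid)
```

Validation is purely local (one key lookup, one MAC and a set membership test), which is what keeps p99 well inside the 15ms budget; the revocation set is the one piece that has to be replicated to every validator within seconds.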
