Question
Design a centralized authentication and SSO service for a SaaS company with 40M end users across 3,000 enterprise tenants, supporting OIDC/SAML federation, social login, and step-up MFA. Target p99 token-validation latency under 15ms at 200k authentications/sec at peak, with availability of 99.99%. A compromised tenant must never let an attacker mint tokens for another tenant, and a stolen long-lived session should be revocable within seconds. Walk through the components, the token model, and how you handle per-tenant signing keys and revocation.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.