How-To & Implementation
Code-forward, step-by-step guides that teach you to actually build the thing: SSO, passkeys, SCIM, MCP hardening.
Add SSO to Your B2B SaaS (and Escape the SSO Tax)
IAM · practitioner · 9 minEnterprise deals stall without SSO. Here is how to add SAML and OIDC single sign-on the right way, model it multi-tenant, and price it without the SSO tax.
Implement Passkeys / WebAuthn (with code)
Identity · practitioner · 8 minA working guide to passkeys and WebAuthn: the ceremony, real server and browser code, synced vs device-bound tradeoffs, and the recovery design that makes or breaks it.
Set Up SCIM Provisioning for Enterprise Customers
IAM · practitioner · 8 minHow to implement SCIM 2.0: the User and Group schema, the endpoints you must build, deactivate-not-delete flows, group-to-role mapping, and testing against Okta and Entra.
Secure an MCP Server
AI Security · advanced · 8 minAn MCP server hands a model the power to act. Here is how to secure it: authN/authZ per invocation, least-privilege tools, untrusted-output handling, brokered secrets, and audit logs.
Red-Team an LLM: A Practical First Pass
AI Security · advanced · 8 minA first pass at LLM red-teaming: the four failure classes, a starter probe set, direct vs indirect injection, scoring, guardrail limits, and turning it into a CI regression suite.
Pass SOC 2 as a Seed-Stage Startup
Startup · intro · 8 minThe honest seed-stage SOC 2 playbook: Type II scoped to Security, realistic cost and timeline, the three controls that matter, whether Vanta/Drata are worth it, and how to avoid theater.