
How a $200B bank went passwordless on legacy apps that don’t support SAML/OIDC
Securing modern SaaS is easy. Securing the pile of legacy apps that don’t support SAML or OIDC? Total nightmare.
We recently worked with a major U.S. bank ($200B+ in assets) that was stuck in exactly this integration trap. They had hundreds of unmanaged internal and legacy apps relying on plain passwords: massive phishing and adversary-in-the-middle (AiTM) risk, plus auditors breathing down their necks.
Instead of trying to rewrite decades of legacy code or forcing everything through a heavy PAM tool, the fix was dropping in a Universal SSO (uSSO) proxy layer. It sits in front of the legacy apps, intercepts authentication at the perimeter to enforce phishing-resistant MFA, and then injects the app's own credentials into the downstream request, so the user never sees or types a password. It even surfaced a bunch of shadow IT they didn't know existed.
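To make the proxy's job concrete, here is an added example of the per-request decision a credential-injecting reverse proxy makes. It is my illustration, not the vendor's code or the bank's deployment. Assumptions: the phishing-resistant MFA step has already run and hands the proxy a signed session token (issue_session and verify_session are stand-ins for that front door), the legacy apps accept HTTP Basic auth, and VAULT is a constructed in-memory stand-in for a secrets manager.

```python
"""Core logic of a credential-injecting reverse proxy (added example, not vendor code).

Flow per request:
  1. verify the session token minted by the MFA front door (assumed to be FIDO2/WebAuthn
     or similar; only the signed result reaches the proxy),
  2. check the user is entitled to the requested legacy app,
  3. strip any credentials the client tried to forward,
  4. inject the app's service credential from the vault as HTTP Basic auth.
The user never handles the legacy password.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed vault contents; a real deployment reads these from a secrets manager.
VAULT: Dict[str, Tuple[str, str]] = {
    "legacy-hr.internal": ("svc_hr", "hr-service-password-1"),
    "legacy-billing.internal": ("svc_billing", "billing-service-password-2"),
}

# Assumption: the MFA front door and the proxy share this key; rotated out of band.
SESSION_KEY = secrets.token_bytes(32)

# Headers a client must never be able to forward through the proxy to a legacy app.
STRIPPED_HEADERS = {"authorization", "proxy-authorization", "cookie"}


def issue_session(user: str, apps: List[str]) -> str:
    """Mint an opaque, HMAC-signed session token once MFA has succeeded (stand-in for the front door)."""
    payload = json.dumps({"user": user, "apps": sorted(apps)}, separators=(",", ":")).encode()
    mac = hmac.new(SESSION_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + mac).decode()


def verify_session(token: str) -> Optional[dict]:
    """Return the session claims if the MAC verifies, otherwise None (tampered, truncated or garbage)."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= 32:
        return None
    payload, mac = raw[:-32], raw[-32:]
    expected = hmac.new(SESSION_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return None
    return json.loads(payload)


def build_upstream_request(token: Optional[str], app_host: str,
                           client_headers: Dict[str, str]) -> Tuple[int, Dict[str, str]]:
    """Decide what reaches the legacy app.

    Returns (status, headers): 401 when there is no valid session, 403 when the user is not
    entitled to this app or the app is unknown to the vault, else 200 with the headers to
    send upstream (client credentials removed, service credential injected).
    """
    session = verify_session(token) if token else None
    if session is None:
        return 401, {}
    if app_host not in VAULT or app_host not in session["apps"]:
        return 403, {}
    # Drop anything the client could use to smuggle its own credentials past the proxy.
    upstream = {k: v for k, v in client_headers.items() if k.lower() not in STRIPPED_HEADERS}
    username, password = VAULT[app_host]
    basic = base64.b64encode(f"{username}:{password}".encode()).decode()
    upstream["Authorization"] = f"Basic {basic}"
    # Identity of the real user for the app's audit log; only meaningful if the app trusts the proxy.
    upstream["X-Authenticated-User"] = session["user"]
    return 200, upstream


def decode_basic_auth(header: str) -> Tuple[str, str]:
    """What the legacy app sees: split a 'Basic <b64>' header back into (user, password)."""
    scheme, _, blob = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic auth header")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password


if __name__ == "__main__":
    tok = issue_session("alice", ["legacy-hr.internal"])
    print(build_upstream_request(tok, "legacy-hr.internal", {"Accept": "*/*"}))
    print(build_upstream_request(tok, "legacy-billing.internal", {}))  # 403: not entitled
    print(build_upstream_request(None, "legacy-hr.internal", {}))       # 401: no session
```

Two properties of this pattern matter in practice and are worth checking in any product that implements it: the proxy now holds every legacy app's password, so it is the highest-value box in the path and its vault access needs the same scrutiny a PAM tool would get; and the apps must only be reachable through the proxy (network policy, or the app's own listener bound to the proxy alone), otherwise anyone who can route around it is back to plain password login.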
The rollout took weeks instead of years and knocked out about 90% of their password reset tickets.
If you're tired of waiting on multi-year refactoring projects just to close a basic identity gap, the write-up on how the architecture handles it is here: https://unixi.io/case-studies/how-a-top-u-s-bank-went-passwordless/