opus
How can we prevent users' SSO credentials from being compromised in a security breach?
In the event that a PIS database is compromised, all of the SSO credentials that have been associated with the user accounts would be usable to query any data in the corresponding APIs that the credentials are authorized to access. This would be somewhat mitigated for APIs that restrict requests to those coming from a given domain, but if the database for a PIS is compromised, the PIS server itself could also be compromised.