
Why Your Passwordless Strategy Is Incomplete (& How to Fix It)

Passwordless isn't complete if legacy apps still need passwords. Learn how to extend it across 100% of your SaaS stack.

Published on Jul 17, 2025 | 3 minutes

The vision is clear: passwordless authentication across the enterprise. No more phishing risks. No more credential reuse. No more frustrated users resetting forgotten passwords.

And that vision is already in motion. According to Okta's 2025 Businesses at Work report, adoption of Okta FastPass and other passwordless technologies grew by 377% year-over-year.

It's not just a future concept—it's here. And it's transforming the security posture of forward-thinking companies.

But there's a catch.

The passwordless rollout hits a wall

While passwordless adoption surges, the rollout isn't seamless. Many IT teams quickly realize that the apps their users depend on daily—the legacy applications, niche SaaS tools, and platforms lacking SAML or OIDC—weren't built for this era.

These disconnected apps sit outside Okta or any IdP, breaking the continuity of the user experience:

  • Seamless login via Okta FastPass or FIDO2 integration for modern apps
  • Manual passwords for legacy systems and nonstandard tools

It's more than friction. It's a gap in your security posture.

Legacy applications: holding your strategy hostage

You've committed to passwordless. But how many of your core apps are actually on board?

Some examples we hear often:

  • On-prem or cloud systems that don't support SAML or OIDC
  • Apps provisioned via CSV or invite emails
  • SaaS vendors with no SCIM support
  • Department-owned tools flying under IT's radar

These legacy applications don't connect to Okta. They don't support passkeys. They force you to maintain passwords—keeping you tethered to the very risks you set out to eliminate. 

The challenge is that many of these shadow IT applications remain invisible to IT teams until a security incident occurs.

The identity orchestration gap

You've invested in Okta. You've rolled out FastPass. But if the rest of your SaaS environment is still password-bound, you haven't solved the problem—you've split it.

That's the orchestration gap:

  • Users have to remember which apps are passwordless and which aren't
  • IT juggles parallel systems: one automated, one manual
  • Compliance checks and deprovisioning processes break down

And the larger your SaaS footprint grows, the harder this gets. The complexity of managing user access across disconnected systems increases exponentially as organizations scale.

Authentication challenges across the stack

These blind spots show up in your operations:

  • Rising helpdesk tickets for forgotten passwords
  • Orphaned accounts in disconnected tools
  • Inconsistent login experiences for users

Passwordless adoption isn't stalling because IT lacks intent. It's stalling because your app ecosystem hasn't kept up. 

And managing it manually simply doesn't scale. These visibility challenges are symptoms of a deeper problem: disconnected tools that can't communicate with your identity infrastructure.

Stitchflow's view: extend passwordless across every app

Stitchflow exists to finish what your IdP started. We fill the passwordless coverage gap left behind by legacy and disconnected applications.

Here's how:

  • Automated auditing of all your apps—including those not connected to Okta
  • CSV-based provisioning/deprovisioning that works without SCIM
  • Discovery of shadow IT and unmanaged tools
  • Identity lifecycle visibility across every user and system
  • Native integration with Okta to help extend your FastPass investment

With Stitchflow, you don't have to wait for every vendor to support SAML or OIDC. We make passwordless a reality—even for the long tail of your app stack. 

Our Okta integration extends your existing identity infrastructure to cover applications that traditionally fall outside your IdP's reach.

Bridging the passwordless divide

FIDO2 integration, SAML, and OIDC are powerful. But they can't secure what they don't touch. That's where identity orchestration steps in.

Modern IT teams know: 60% coverage isn't enough. If you're leaving behind a dozen apps—or hundreds—that still rely on passwords, your strategy is incomplete.

The longer you wait, the more disconnected accounts pile up. The more complexity builds. The more risk your business carries.

What's your next move?

Ask yourself:

  • Which apps are still outside Okta?
  • Where do passwords still lurk?
  • Can you deprovision every user from every app today?

If you're unsure, you're not alone. But it's time to change that.

Let Stitchflow extend your passwordless authentication strategy to 100% of your SaaS stack.

Because in 2025, a passwordless future shouldn't stop at 60%.

Frequently asked questions

Passwordless initiatives often stall because many legacy or niche apps don’t support protocols like SAML or OIDC. These apps force IT teams to maintain manual passwords, creating friction and security gaps despite using tools like Okta FastPass.

Apps that lack SAML/OIDC support, rely on CSV provisioning, or aren’t integrated with your IdP (like Okta or Entra) disrupt the seamless passwordless flow. These include legacy systems, department-owned tools, and unmanaged SaaS apps.

The identity orchestration gap refers to the mismatch between apps that support modern identity protocols and those that don’t. It creates parallel systems—some automated, some manual—resulting in security blind spots, operational overhead, and poor user experience.

Stitchflow bridges the gap by discovering unmanaged apps, supporting CSV-based provisioning, and providing lifecycle visibility—even for systems not connected to your IdP. It helps extend passwordless coverage across 100% of your SaaS stack.

Yes. With Stitchflow, you don’t need to wait for every vendor to support SAML or SCIM. Our orchestration layer enables you to enforce passwordless policies even for nonstandard or disconnected apps.

Jay has been serving modern IT teams for more than a decade. Prior to Stitchflow, he was the product lead for Okta IGA after Okta acquired his previous ITSM company, atSpoke.