Does SSO cache user credentials?
|Knowledge Article Number||000182106|
|Description||SSO is to link to any internal Active Directory (ADFS) where users log into SFDC using their network credentials. System admin & application admin folks, their network credentials give them elevated access to many internal systems, in addition to VPN access. This brings up concerns in the event that their user login is retrieved from a cache in SFDC, and used to gain unauthorized access to InterCall's internal systems.
How user credentials are cached in Salesforce while using SSO?
|Resolution||Salesforce doesn't cache any information while using SSO only IDP is responsible for sending request.
If user was already signed in to Salesforce, salesforce cookie their session id and that session is active till it times out (lowest timeout being 15 mins for org).
Salesforce do not cache/log/store the credentials in anyway.