Cloud Computing – Questions to Ask the SaaS Vendor Using Active Directory for IAM

I am in a business environment in which we want to use a SaaS solution, and they use their own AD environment to manage our user accounts.

What kind of questions should I ask them about how they manage accounts? I have already made sure that the complexity of the passwords, the frequency of change of the passwords, is in place.

For example:

  • Do you use NTLM v1 or v2 for hashing?
  • Who has access to the AD, only the administrators?