Protecting your organization's data doesn't just involve protecting the systems you own and build; it also involves protecting the third party systems (such as SaaS applications) that hold that data. But locking those applications down too tightly prevents collaboration across teams and partners and leads to duplicated effort. This talk explains a pattern, credential abstraction, that can be used to further secure third-party systems and ensure that data can be shared safely within appropriate bounds. It reviews an example implementation and how some of the challenges that came up during that implementation were managed.