Summary by evanconnelly
Tesla has two Identity Providers (IDPs), auth.tesla.com for external users and sso.telsa.com for employees. Tesla Retail Tool (TRT) allows logins from both and was not checking what IDP the user logged-in with (auth.tesla.com vs sso.tesla.com). This made for a condition where via Google Dorks, I was able to identify names and extrapolate email addresses of former Tesla staff and then register accounts with the external IDP using the email addresses of former employees whose accounts had been disabled on the internal IDP but who still had privileges defined by their internal Tesla email address within TRT and ultimately log into TRT with the privileges of those users.