undefined | Better HN

0 pointsscott_w1y ago0 comments

Agreed, they’re conflating things like Google Sign-in with enterprise offerings like SAML. Companies generally give away Google Sign-in for “free” as it’s a great growth vector and gives SMEs a sort-of SAML setup for low cost. It’s also really easy for the vendor to support: you just click the button and you’re in.

Granted, it lacks some of the benefits of SAML, such as permissions assignment from a central source. But this is also why those features are so pricey: enterprise organisations derive the most benefit from it, and have a team dedicated to its maintenance.

0 comments

ArchOversight1y ago

They aren't conflating anything. OIDC or SAML should not be "taxed" extra.

I do work for a number of small businesses and they can't afford the "enterprise cost" for things, so there is a shared password vault instead because there is no centralized management of users.

The small businesses all have some form of SSO available, whether they are using Azure Entra ID or Google Workspaces, they have a central location for users, but the cost is prohibitive for most products to get the upgrade to get access to SAML or OIDC for SSO.

lelanthran1y ago

> OIDC or SAML should not be "taxed" extra.

But it costs extra. That cost is passed on to the consumer.

The major hurdle is that it's expensive!

Take a typical small business SaaS - providing SSO instead of standard passwords can take more time and effort to purchase or develop and to roll out than the actual SaaS software.

Okay, lets say you buy SSO: offloading to a service is going to cost a minimum of an extra $20/month/user.

Building it? That's going to take months of developer time, not to mention that this is a high-touch/high-feedback feature, which is going to eat up the service employees time.

And then the rollout, which almost always needs a month of external consultants getting everything working correctly.

I'm doing a small SaaS, $15/user/month; if anyone has any good recommendations that aren't going to to cost me a quarter of my current sale price, I'm all ears.

Even if it's DIY, as long as I don't burn a month of dev-time just for integration/deployment.

ArchOversight1y ago

There likely is an off the shelf OIDC SP provider you can use for the actual "hard parts".

If you already use something like "Sign in with {Google,Facebook,Twitter,Apple}" you are already doing part of it.

I have built several products now with OIDC support for authentication (not authorization) and it has never taken more than a day or two to wire it up.

scott_wOP1y ago

My advice would be to wait until a big enough customer is willing to pay through the nose for it. You’re “lucky” in that you charge per user so it’s easy to model into your pricing :)

scott_wOP1y ago

I address this here https://news.ycombinator.com/item?id=40752797

scott_wOP1y ago

To be clear, SMBs should be allowed to use Google Sign-in or Azure’s equivalent for the base pricing. I think this is table stakes for features (and security).

SAML? No chance. SMEs don’t need it and my comments above explain why vendors will never offer it.

1 more reply

j / k navigate · click thread line to collapse

0 comments

ArchOversight1y ago

They aren't conflating anything. OIDC or SAML should not be "taxed" extra.

I do work for a number of small businesses and they can't afford the "enterprise cost" for things, so there is a shared password vault instead because there is no centralized management of users.

lelanthran1y ago

> OIDC or SAML should not be "taxed" extra.

But it costs extra. That cost is passed on to the consumer.

The major hurdle is that it's expensive!

Take a typical small business SaaS - providing SSO instead of standard passwords can take more time and effort to purchase or develop and to roll out than the actual SaaS software.

Okay, lets say you buy SSO: offloading to a service is going to cost a minimum of an extra $20/month/user.

Building it? That's going to take months of developer time, not to mention that this is a high-touch/high-feedback feature, which is going to eat up the service employees time.

And then the rollout, which almost always needs a month of external consultants getting everything working correctly.

I'm doing a small SaaS, $15/user/month; if anyone has any good recommendations that aren't going to to cost me a quarter of my current sale price, I'm all ears.

Even if it's DIY, as long as I don't burn a month of dev-time just for integration/deployment.

ArchOversight1y ago

There likely is an off the shelf OIDC SP provider you can use for the actual "hard parts".

If you already use something like "Sign in with {Google,Facebook,Twitter,Apple}" you are already doing part of it.

I have built several products now with OIDC support for authentication (not authorization) and it has never taken more than a day or two to wire it up.

scott_wOP1y ago

My advice would be to wait until a big enough customer is willing to pay through the nose for it. You’re “lucky” in that you charge per user so it’s easy to model into your pricing :)

scott_wOP1y ago

I address this here https://news.ycombinator.com/item?id=40752797

scott_wOP1y ago

To be clear, SMBs should be allowed to use Google Sign-in or Azure’s equivalent for the base pricing. I think this is table stakes for features (and security).

SAML? No chance. SMEs don’t need it and my comments above explain why vendors will never offer it.

1 more reply

j / k navigate · click thread line to collapse