zlacker

[return to "Show HN: Skip the SSO Tax, access your user data with OSS"]
1. ThePhy+Gj[view] [source] 2023-04-11 14:19:43
>>mathia+(OP)
How does that solve the problem SSO typically solves? It seems you're trying to replace it by syncing users from different tools? That seems worse than SSO and is unlikely to be acceptable, as most security certifications require SSO as a best practice, manually syncing users from different tools won't cut it. Also, implementing SAML-based SSO from scratch isn't that difficult, I did it for our enterprise product and it's barely 500 lines of code. However, we had a nice role-based access management in our tool already, so adding SSO was just a matter of mapping SSO data to our internal role models. That part is usually what causes most effort, i.e. fine-grained access control for different parts of your application, SSO just provides the identity and group management layer that you can use as a basis for that.

Apart from that, SSO is just a handy feature that non-Enterprise customers usually don't need while Enterprise customers do, so it's ideal for differentiating customers. That said an Enterprise edition contains much more than SSO in many cases, e.g. audit logging, containerized deployments, extensive support, etc.. That's what you pay for with an Enterprise offering, the SSO feature is just a small part of that.

◧◩
2. jjav+dz1[view] [source] 2023-04-11 19:39:22
>>ThePhy+Gj
> as most security certifications require SSO as a best practice, manually syncing users from different tools won't cut it

Having taken a couple companies through SOC2, I can say that's not true.

Lots of apps being used by enterprises don't even have support for SSO at all, even if you were willing to pay the tax. Audits can't require you to use something that does not exist. Thus, the manual syncing and comparing is a frequent ritual of audit compliance (and to be fair, is something that should be done regularly even if no auditor is asking for it).

> Also, implementing SAML-based SSO from scratch isn't that difficult, I did it for our enterprise product and it's barely 500 lines of code.

That's not the problem though, the issue is third party apps that don't want/care to support SSO. You can't go and modify their code.

[go to top]