Launch HN: SSOReady (YC W24) – Making SAML SSO painless and open source
1. neilv+Ax 2024-07-30 19:02:27
>>ucario+(OP)
Kudos on releasing open source, and on launching an easy-to-use service.

Side thought: If this takes off as a popular quality implementation, an additional effect might be that it's easier for vendors of other services to integrate with users of your software. Maybe there's some way you can profit from that savings or reduced sales friction. (I've had to implement several F500 SSO integrations from scratch, because they were doing bespoke/custom things, and even "SAML" doesn't necessarily interoperate, but software like yours might out of the box.)

Question: For the free hosted SSO, how well are you going to be able to secure that, so that your customers aren't compromised through you?

Question: Will the free tier SSO have uptime guarantees, since it'll be a single point of failure for all your customers? For startups that decide they'd like it hosted for them, but need an SLA, do you expect to be able to provide that at a price doable by startups? (Will a cloud provider pick up those customers using your software?)

2. ucario+aB 2024-07-30 19:22:14
>>neilv+Ax
> Question: For the free hosted SSO, how well are you going to be able to secure that, so that your customers aren't compromised through you?

Yeah, this is super important. No short answer here, it's just about doing the work and getting it right.

We're working with Oneleet for our SOC2 stuff (which we all know is largely theater) but also pretty thorough pentesting. I can email you their findings.

The reality is we're one of those companies that need to get this stuff right.

> Question: Will the free tier SSO have uptime guarantees, since it'll be a single point of failure for all your customers? For startups that decide they'd like it hosted for them, but need an SLA, do you expect to be able to provide that at a price doable by startups?

Our plan is to work out agreements on a case-by-case basis. It'd depend on exactly what you need. We take guarantees pretty seriously, so we're careful about what we promise.

We're not a services business. We don't want to make money off of "premium support". There is a modest price tag if you want an SLA.

> (Will a cloud provider pick up those customers using your software?)

Would you mind rephrasing?

3. neilv+wE 2024-07-30 19:43:50
>>ucario+aB
Thanks. Regarding "Will a cloud provider pick up those customers using your software?", I was wondering whether there might be a situation in which there was a category of service customers you'd like to have, but that a cloud provider hosts your software without you otherwise involved.

https://en.wikipedia.org/wiki/Elasticsearch#Licensing_change...

4. ucario+HG 2024-07-30 19:58:23
>>neilv+wE
I think the reality is that the category of software we're open-sourcing isn't very big. We're gonna make our money doing other things, not all of which will be open-source.