zlacker

[parent] [thread] 7 comments
1. bilalq+(OP)[view] [source] 2024-07-30 18:21:11
These days, I feel like this biggest obstacle with SAML is integrating with SaaS products. I've been in many situations where it requires back and forth emails to a support team. I've been handed a literal 204 page PDF on integrating with one vendor's SSO setup (the entire document was literally just for their SSO integration, nothing else). Attribute mappings are still a mess. It's wild how poor the experience still is.
replies(3): >>havefu+u >>ucario+U4 >>SkyPun+Fr
2. havefu+u[view] [source] 2024-07-30 18:23:37
>>bilalq+(OP)
OKTA does a pretty great job, if you want to spend $2X,XXX per year
replies(1): >>bilalq+T1
◧◩
3. bilalq+T1[view] [source] [discussion] 2024-07-30 18:30:48
>>havefu+u
I'm referring to the opposite side of the problem. Even if you use Okta, if you want to integrate with company XYZ using SSO, no amount of Okta spend will save you.
replies(1): >>rvnx+FJ
4. ucario+U4[view] [source] 2024-07-30 18:43:55
>>bilalq+(OP)
I've written one of these 204-page PDFs before (I think it was more like 20 pages though). The IDPs don't exactly make it easy on their customers to set this stuff up, and the burden ends up on the SP (i.e. you) to document to folks how to use their own IDP.

Incidentally we just shipped something for this. Rather than having to make a 204-page PDF, you can go into SSOReady, generate a setup URL, and give it to customers. Customers can visit that URL and they get a self-serve UI for configuring their SAML connection to your product.

https://ssoready.com/docs/idp-configuration/enabling-self-se...

replies(1): >>mwcamp+Lj
◧◩
5. mwcamp+Lj[view] [source] [discussion] 2024-07-30 20:13:52
>>ucario+U4
Wow. My company previously did an SSO implementation for our SaaS where we ran Shibboleth SP behind Apache just for SSO, with a little Python web app using mod_wsgi to call back to the main web app after SSO was completed. But for the customers that we've onboarded to SSO so far, we had to contract with a SAML expert to work with the customer to set it up. This self-service setup might be enough to make it worth our while to migrate to SSOReady.
replies(1): >>crngef+l81
6. SkyPun+Fr[view] [source] 2024-07-30 21:07:00
>>bilalq+(OP)
SSO support took up well over 50% of our engineering teams customer support time.

One of the biggest challenges is our users tended to need to pull in a different department, that actually owned the SSO system. They had little incentive to hustle to get things to work, so there’s tickets would often drag on for ages.

We’d loom bad because we’d need certain information from our customer.

◧◩◪
7. rvnx+FJ[view] [source] [discussion] 2024-07-30 23:59:40
>>bilalq+T1
Supabase Auth ? https://supabase.com/docs/guides/auth/enterprise-sso/auth-ss...

Seems reasonably easy to use and a good platform to build a SaaS

◧◩◪
8. crngef+l81[view] [source] [discussion] 2024-07-31 06:19:39
>>mwcamp+Lj
Sounds horrible, why would you use Shibboleth in $currentyear if you could just use OIDC?
[go to top]