By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Imagine if you went to the movies and they charged $8000 for popcorn.
Or, imagine you got on a plane and they told you that seatbelts were only available in first class.
Your sense of outraged injustice would probably be something like what IT and security professionals feel when a software vendor hits them with the dreaded SSO tax.
The SSO tax is the name given to the practice of charging an outrageous premium for Single Sign-On, often by making it part of a product’s “enterprise tier.” The jump in price can be astonishing — one CRM charges over 5000% more for the tier with SSO. At those prices, only very large companies can afford to pay for SSO. But the problem is that companies of all sizes need it.
In a world where compromised credentials are the number one culprit in breaches, SSO reduces the number of weak, reused passwords flying around. It’s also critical to onboarding and offboarding, since IT only has to manage a single on/off switch, instead of managing access separately for every application.
To be fair, there’s nothing wrong with charging some extra for SSO — it’s not free for vendors to build or maintain — but putting it out of the reach of so many companies is irresponsible, and makes us all less safe.
Still, until outraged customers can shame vendors into getting rid of the tax, many businesses have to figure out how to live without SSO. For them, the best route is likely to be a password manager, which also reduces weak and re-used credentials, and enables secure sharing across teams. And a password manager is likely a good investment anyway, for the apps that aren’t integrated with SSO.
To learn more about the past, present, and future of the SSO tax, read the full blog post.
This RSS sponsorship ran on Friday, 30 August 2024.