by deepakprab 1460 days ago
Disclaimer: I am the co-founder of BoxyHQ, an open-source alternative to WorkOS.

Historically, SSO (especially SAML), Directory Sync, audit logs, enhanced roles/permissions, etc. have always been something that only enterprises needed. We think this is now getting commoditised and should start becoming available to all customers, which is a big reason why our core products are on an Apache 2.0 license and startups can use them for free.

A lot of these features also tie back to security and compliance (please bear with me, I know compliance is normally just a peacock dance and has nothing to do with true security, but it is still necessary to do the dance). They definitely come with costs to implement (even if the solution is bought from vendors like us) and maintain, and, more importantly, customer support costs.

- One way to make these features table stakes would be to include them in all plans but, for instance, limit SSO to the top 5 Identity Providers (Okta, Azure, OneLogin, PingIdentity and Duo). The ones with bespoke SSO implementations are usually enterprises in any case, so you can still command a higher price point for them.

- Another effective way is to say that RFPs/Security Questionnaires are only included in the Enterprise tier; the other tiers should be able to make do with a DPA and your InfoSec policy/ISO 27001/SOC2 docs. For enterprises this step is something they cannot skip; it's part of the procurement process for them.

- But the best thing to do, if possible, would be to add some core features/enhancements to your product that are absolutely essential for enterprises.

This is the point sso.tax is trying to make as well: they want the SSO feature to be available to everyone without having to pay a large premium on the price (which is usually hard for startups/SMBs to justify paying for).

Ultimately you have to have the right price segmentation and the reality is even the best companies struggle with being able to serve all segments effectively.

Auth0 and Okta, for example, after you hit some magical thresholds, force you into talking to sales, who then try to upsell enterprise plans. Most startups can't afford those price points, and anything less than those price points does not move the needle for Auth0/Okta, so they end up ignoring the lower segments.