by Terretta 1356 days ago
For the HN B2B startups here supporting Google Workspace SSO and not Microsoft Azure SSO, or offering Sign in with Google and not Sign in with Microsoft... why?

85% of big businesses are on the one you don't support.

"Results for the Fortune 500 [to see who's on Azure AD using a] CSV with a list of all the Company Names for all 500 companies. Running it through this script, I find that 417, or 83.4% of companies have AAD, which is just a little off from Microsoft’s public claim of 85%."

https://www.shawntabrizi.com/aad/does-company-x-have-an-azur...

See also this top comment: https://news.ycombinator.com/item?id=33046968

4 comments

There are legions of people who swore off anything M$ years ago when they found alternatives that worked better for them, and they stuck to it.

Here's the perspective from the outside: M$ has billions of lines of code, or more, and they just keep patching their software. They established their way of doing things years ago with DOS and have built on top of that since. That's how the entire industry has done it, but since M$ got so big they can't just refactor things and drop support without a billion people yelling at them, so they keep the old code and just keep patching.

They have so many people banging on their software that most of the failures are caught pretty quickly, but then there are the edge cases that don't fit into daily business activity and M$ gets pwned in that space. Their software is so vast that it doesn't cover their entire decision tree, so on the edges people begin to play around and find things not covered by testing. They might be complicated exploits that tie many things together, but it's not beyond the general public to find them with a little digging. This opens up a full exploit on M$ systems or infrastructure, then they get around to patching it a month or two later.

From the perspective of a CISO this is unacceptable. I prefer my auth software to be explicitly precise.

This might sound crazy to someone who is in an industry where "everyone is doing it", and there appears to be no other way to integrate but with M$. I'll let you know we both feel the same way because it's crazy to use (and pay for) such slovenly designed software.

Azure AD presence does not imply they use MSFT SSO as their SSO.

SSO integration when interacting with a Fortune 500 will be a minuscule aspect of the arrangement should you get there. An F500 does not simply decide to use your product and do an SSO integration et voilà. They want a compliance regimen, a custom-crafted legal arrangement, risk assessment, probably an on-prem discussion, if you're small enough a straight-out purchase discussion. Months if not years of negotiation. Basically the SSO button is the least of your concerns.

Even if they don't use Azure AD as their primary SSO you can often federate indirectly via Azure. For many large corporations, an auth against Azure redirects to Microsoft, then to whatever enterprise SAML2 service they're running, then back to Microsoft to pick up an OIDC token or SAML transformation, then back to your app. Instead of supporting however many SAML 2 providers with custom claim mappings you get Azure's reasonably straightforward token. You can also pick up Azure group membership (which many companies maintain or sync from on-prem AD) which is nice for mapping application roles.
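The flow described in the comment above ends with your app holding a token minted by Azure AD; what the app checks on that token is where multi-tenant integrations usually go wrong. The following is an added example, not code from the thread or from any Microsoft SDK. It is stdlib-only Python that validates the claims of an Azure AD v2.0 ID token and maps the `groups` claim to application roles. It assumes the token's signature has already been verified against the tenant's published JWKS (that step needs network access and a JWT library, so it is left out), and the client ID, tenant ID, group IDs and sample claims are made-up placeholders. It also handles the documented overage case, where Azure AD omits `groups` and emits `_claim_names`/`_claim_sources` instead.

```python
"""Azure AD v2.0 ID token claim validation and group-to-role mapping.

Added example, not from the thread. Signature verification against the
tenant's JWKS is assumed to have happened before validate_claims() runs.
Every GUID here is a made-up placeholder.
"""
import time

CLIENT_ID = "11111111-2222-3333-4444-555555555555"          # our app's client_id (placeholder)
ALLOWED_TENANTS = {"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"}  # tenants an admin has onboarded (placeholder)
GROUP_TO_ROLE = {                                            # AAD group object IDs -> app roles (placeholder)
    "0a0a0a0a-0a0a-0a0a-0a0a-0a0a0a0a0a0a": "admin",
    "1b1b1b1b-1b1b-1b1b-1b1b-1b1b1b1b1b1b": "analyst",
}
CLOCK_SKEW = 60  # seconds of tolerance on exp/nbf


class TokenRejected(Exception):
    """The token must not be accepted."""


class GroupsOverage(Exception):
    """AAD left 'groups' out because the user is in too many groups."""


def validate_claims(claims, now=None):
    """Check tenant, issuer, audience and time claims; return (tenant_id, user_oid)."""
    now = time.time() if now is None else now
    tid = claims.get("tid")
    # AAD is per-tenant: a multi-tenant app receives tokens from any tenant
    # whose admin consented, so the app itself must allowlist the tenants it serves.
    if tid not in ALLOWED_TENANTS:
        raise TokenRejected(f"tenant {tid!r} not onboarded")
    # The v2.0 issuer embeds the tenant ID; it must agree with 'tid' so a token
    # from tenant A cannot be presented as if it came from tenant B.
    if claims.get("iss") != f"https://login.microsoftonline.com/{tid}/v2.0":
        raise TokenRejected("issuer does not match tid")
    if claims.get("aud") != CLIENT_ID:
        raise TokenRejected("token was issued for a different application")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp + CLOCK_SKEW < now:
        raise TokenRejected("token expired or missing exp")
    if claims.get("nbf", 0) - CLOCK_SKEW > now:
        raise TokenRejected("token not yet valid")
    oid = claims.get("oid")
    if not oid:
        raise TokenRejected("missing oid")
    # Key the user record on (tid, oid): 'oid' is a stable directory object ID,
    # while email / preferred_username are mutable and can be reassigned.
    return tid, oid


def roles_from_claims(claims):
    """Translate the 'groups' claim into application roles, detecting overage."""
    if "groups" not in claims:
        names = claims.get("_claim_names", {})
        if "groups" in names:
            # Overage: the group list must be fetched from Microsoft Graph via the
            # endpoint in _claim_sources, not silently treated as "no groups".
            raise GroupsOverage(claims.get("_claim_sources", {}).get(names["groups"]))
        return set()
    # Unknown group IDs are ignored; only explicitly mapped groups grant a role.
    return {GROUP_TO_ROLE[g] for g in claims["groups"] if g in GROUP_TO_ROLE}


# Constructed sample, shaped like a decoded AAD v2.0 ID token payload.
SAMPLE_CLAIMS = {
    "iss": "https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee/v2.0",
    "tid": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "aud": CLIENT_ID,
    "oid": "99999999-8888-7777-6666-555555555555",
    "preferred_username": "alice@example.com",
    "iat": 1700000000, "nbf": 1700000000, "exp": 1700003600,
    "groups": ["1b1b1b1b-1b1b-1b1b-1b1b-1b1b1b1b1b1b",
               "ffffffff-0000-0000-0000-000000000000"],  # second ID is not mapped
}

if __name__ == "__main__":
    tid, oid = validate_claims(SAMPLE_CLAIMS, now=1700000100)
    print(tid, oid, roles_from_claims(SAMPLE_CLAIMS))
```

Two practitioner caveats that the token format alone does not make obvious: the tenant allowlist is the part that keeps a multi-tenant registration from becoming "anyone with a Microsoft account can log in", and the overage path is real, since Azure AD stops embedding `groups` at roughly 200 memberships. If your customers' directories are large, assigning app roles on the enterprise application and reading the `roles` claim avoids the Graph round-trip entirely.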

I hope others listen to this and continue to believe that growing through being a great shadow IT option isn't viable. Makes my life much easier!

If you want to be used by business users in a hurry, be under their p-card limit and support their SSO out of the box.

It sounds like this is exactly a path you have taken with B2B PLG. Mind throwing the rest of us a bone and giving a sense of what your seats/month and/or growth in seats/month looks like?

The hate is very big and developers will convince their bosses something is superior without understanding business needs.

I don't know much about GW SSO but AAD is a per-tenant thing, and IT departments may have to add your application to it before it works?