[ilyt]

Or in general wanting to do "what industry does", not the solution that people they pay and work with actual product and their customers invented.

> The most egregious abuse was when a team that had to deal with maybe 100 logins per day spent over 6 months researching how to build their auth system to match Big Tech. They could have picked any off the shelf solution and been done in a week, but instead it became an endless boondoggle of research, presentations, proposals, and committees. Several people were even planning conference talks around it, so it started to evolve into whatever would sound best for their talks.

To be entirely fair, after dealing with the reverse way of solving it ("just the simplest solution that works", which was just a bunch of static passwords per app) I'd say spending a bit extra to start with good solution for auth in your 50 man company will save a whole massive amount of pain when company grows both in internal service count, users, and compliance requirements.