Hacker News
by _AzMoo 935 days ago
> it seems like sso could be cheap oauth in house

It's outsourcing risk. Auth is hard, we all know it (yes, it is hard), and it's cheaper to outsource to a company who has it as their core competency than to hire internal experts.

“Cheaper” is an interesting term to use when we’re talking about auth. I guess it depends on how much a company values the ability of outside entities to not have access to internal resources. Some companies would peg that value at the entire value of the company.
A lot of companies rely on third-party vendors for physical access management because who wants to in-source maintenance of locks/doors/badge readers/etc.

I’m not sure why it comes across as unusual to want to outsource a service that is incredibly easy to get wrong to someone whose core focus is getting that right.

Unfortunately Okta seems too eager to downplay these incidents, but that doesn’t mean all authentication services are equally flawed.

Some companies also trust an outside entity to get it right more than they trust themselves.
Some companies are also happy to be able to blame a third party. And there's safety in numbers. A risk mitigation of a different kind.