[mato]

The combination of 'it just works' and 'SSO integration' is a killer.

To be honest, in 20+ years of working in IT, I never understood the point of the latter until recently, on a gig salvaging systems for a client with ~650 users after their sole IT guy unexpectedly resigned after 20 years and left for the mountains.

IRL, SSO is gold. Many hackers, like me, underestimate it.

[moduspol]

And not just SSO, but OIDC. You don't even have to be an admin on your domain to set it up. If you have a Gmail or Office 365 e-mail address @mycorp.com, you can set up SSO for it on your tailnet in seconds. Your team members authenticating for the same domain will join your tailnet automatically.

And that's for the free and cheap tier. If you want the fancy stuff (like SAML and automatic user provisioning / filtering), they've apparently got that, too, but it's in the more expensive tiers.

[snotrockets]

SSO is basically tablestakes for compliance: customers would ask about your access control (or just if you have _that_ audit report, which has a lot of questions about it).

And trying to do access control without SSO is crazy: you need to keep track of application and users and their interactions. I wouldn't run any team with more than 10 people without it.