by mtmail 728 days ago
Oh, I didn't answer the "How do you come up with the pricing" part.

Pricing is usually the same, only scaled higher. We have an Excel spreadsheet that's an extension of the public pricing page. Then we look if something is complicating the contract (but we might only insist on a minimum contract length, not a higher price) or making it easier (they need fewer features which actually cost us less money and we can give discounts).

That's for an established SaaS. I assume any new SaaS only a few months old will just make prices up on-the-fly (we did!).

It's not the price. It's the stupid insistence on putting "SSO" -- which even a single dev should be doing, preferably using OIDC so nobody does any work! -- behind that button.
Those who really need SSO are willing to pay extra — why not charge them more for something that is useful for them?
OIDC is the only way to get proper 2FA into all services without adding tons of friction. Friction reduces acceptance and usage of 2FA.

Every service that puts SSO in an enterprise tier is a security risk and shouldn't be touched with a 10-foot pole.

Go ahead and put Kerberos and SAML and maybe even LDAP SSO in Enterprise tier, but if you put OIDC in enterprise tier, you're responsible when your customers inevitably get hacked.

If an organization made a deliberate choice of not paying 5000 USD/mo for extra security, then security is less important for them than this amount of money — so they get what they pay for, and it’s their responsibility.
By that same argument, you could also make security patches exclusive to the enterprise version for a certain amount of time after they've been released.

Only big corporations need security, after all, if a small company gets hacked, well, they should've paid more?

What kind of late-stage capitalism is that? You're knowingly selling an insecure version and somehow it's the customer's fault they didn't buy the "actual security" addon?

I am ready to agree with you if you’re not being hypocritical here. Surely you’re doing only the best work for your employer, and spending your own unpaid leisure and sleep time on honing your non-marketable but company-demanded skills, undergoing psychotherapy to get along better with your manager, and thinking of all the opportunities to save your employer more money.

It would be a shame though if you demanded unpaid work from others, but didn’t live by the same rule yourself.

Should != really needs to. There's a lot of money in the delta between the two.