by Roguelazer 721 days ago
Missing one of the key reasons: most SMBs are sharing seats (usually in violation of the license terms for the products they're using), which is rather harder with good SSO products. Per-seat licensing for B2B products is lucrative, but carries the risk that you're just pushing your customers to share passwords, which is usually way worse for security.

Forced two factor auth can often solve this kind of thing though.
Why would that help? Where I work we have a central server with some phones connected that act as the 2FA devices for every service where not all employees have their own account, with an internally developed browser extension that grabs the access code from this server upon login.
Or more primitively than that, I've seen small offices have an old shared phone with a bulging battery that's used for 2FA (or even just having it attached to someone's personal phone and just asking them for the code when you need to log in).
1Password and LastPass both offer this feature, too.

Don’t use LastPass though.

Impressive. Is the reason for this "2FA server" to circumvent per-seat licensing, or some other reason?
It’s also because there might only be one super admin account allowed, which also needs to be the most secure. But you don’t want the person with the 2FA codes to wander off with them one day!
Only if you require text-message-based two-factor. Password managers like 1Password allow you to store your OTP within them and share that + the password internally within your team.
I've set up a phone-to-Slack proxy multiple times for this exact reason. In my case it was a VoIP number, but if that's blocked, Android has many SMS-to-webhook apps and even entry-level industrial LTE routers generally have this feature so you can use a real SIM card.