by justin_oaks 723 days ago
> Until SSO is as plug n play for users as Google Sign-in

I noticed that Slack offers "OAuth with Google" for their Pro plan (lowest paid tier) but SAML SSO requires the more expensive Business+ plan.

Would it make sense to allow everyone to use the "easy" SSO and require higher payment for stuff that's complicated and easy to screw up?

2 comments

SAML is way more of a beast to configure and maintain compared to any OAuth-based flow. One reason is just that SAML is more complex, because it does a great many different things for many different use cases. The other reason is that setting up SAML requires humans to coordinate the trust setup and key exchange between the IdP and Relying Party. For typical setups, OAuth is pretty much self-serve, but where I worked setting up a new SAML customer required a senior engineer to personally handle it every time.

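The trust setup and key exchange the comment above refers to, shown as an added example that is not part of the thread: a Python sketch of what a SAML SP has to pin from an out-of-band IdP metadata exchange, next to what an OIDC relying party learns on its own from the issuer's discovery document and JWKS. All URLs, metadata documents, certificate bytes and key IDs are constructed stand-ins, and the "refetch JWKS" step is passed in as a string rather than fetched over the network.

```python
"""Added example (not from the HN thread): what an SP/RP must be told in advance
for SAML versus OIDC. Every URL, document and certificate below is a constructed
stand-in, not a real deployment."""
import base64
import hashlib
import json
import xml.etree.ElementTree as ET
from typing import Optional

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed stand-ins for DER-encoded IdP signing certificates (v1 and the
# certificate the IdP rotates to later).
IDP_CERT_V1 = b"constructed-stand-in-for-DER-cert-v1"
IDP_CERT_V2 = b"constructed-stand-in-for-DER-cert-v2"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, the usual way an SP pins an IdP signing cert."""
    return hashlib.sha256(der).hexdigest()


def idp_metadata(cert_der: bytes) -> str:
    """Constructed IdP metadata in the shape a real IdP publishes."""
    b64 = base64.b64encode(cert_der).decode()
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def saml_trust_from_metadata(xml_text: str) -> dict:
    """Everything the SP pins from the out-of-band metadata exchange: entity ID,
    SSO endpoint and the fingerprints of the IdP's signing certificates."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    fps = set()
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # absent 'use' means both
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            fps.add(fingerprint(base64.b64decode(cert.text.strip())))
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    return {"entity_id": root.get("entityID"), "sso_url": sso[0],
            "signing_fingerprints": fps}


def saml_signer_trusted(trust: dict, cert_der: bytes) -> bool:
    """A cert that was never exchanged is rejected even if it belongs to the
    right IdP: a human has to re-share metadata before it is accepted."""
    return fingerprint(cert_der) in trust["signing_fingerprints"]


ISSUER = "https://idp.example.test"  # the only thing the RP is configured with


def discovery_doc() -> str:
    """Constructed stand-in for GET {issuer}/.well-known/openid-configuration."""
    return json.dumps({"issuer": ISSUER,
                       "authorization_endpoint": ISSUER + "/authorize",
                       "token_endpoint": ISSUER + "/token",
                       "jwks_uri": ISSUER + "/jwks"})


def jwks_doc(kids) -> str:
    """Constructed stand-in for the JWKS; real entries also carry key material."""
    return json.dumps({"keys": [{"kty": "RSA", "kid": k, "use": "sig"} for k in kids]})


def oidc_trust_from_discovery(issuer: str, discovery_text: str, jwks_text: str) -> dict:
    """Endpoints and keys come from the provider itself. The issuer check is what
    stops a discovery document hosted elsewhere from standing in for the real one."""
    disc = json.loads(discovery_text)
    if disc["issuer"] != issuer:
        raise ValueError("discovery issuer mismatch: " + disc["issuer"])
    return {"issuer": issuer,
            "authorization_endpoint": disc["authorization_endpoint"],
            "token_endpoint": disc["token_endpoint"],
            "jwks_uri": disc["jwks_uri"],
            "keys": {k["kid"]: k for k in json.loads(jwks_text)["keys"]}}


def oidc_signer_trusted(trust: dict, kid: str, fresh_jwks_text: Optional[str] = None) -> bool:
    """On an unknown kid a real RP refetches jwks_uri; here the refetched
    document is passed in so the example runs offline."""
    if kid not in trust["keys"] and fresh_jwks_text is not None:
        trust["keys"] = {k["kid"]: k for k in json.loads(fresh_jwks_text)["keys"]}
    return kid in trust["keys"]


def key_rotation_outcome():
    """The IdP rotates its signing key. Returns (saml_accepts, oidc_accepts):
    SAML stays broken until metadata is re-exchanged, OIDC recovers by itself."""
    saml = saml_trust_from_metadata(idp_metadata(IDP_CERT_V1))
    oidc = oidc_trust_from_discovery(ISSUER, discovery_doc(), jwks_doc(["kid-v1"]))
    saml_ok = saml_signer_trusted(saml, IDP_CERT_V2)
    oidc_ok = oidc_signer_trusted(oidc, "kid-v2", jwks_doc(["kid-v1", "kid-v2"]))
    return saml_ok, oidc_ok


if __name__ == "__main__":
    print("after IdP key rotation (saml_ok, oidc_ok):", key_rotation_outcome())
```

The asymmetry is the whole story of the comment: the SAML side has three values that only a person on each end can supply (and must re-supply on every certificate rotation), while the OIDC side reduces to one issuer URL plus client credentials, with the issuer-match check doing the work that the manual metadata exchange does in SAML.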
That’s exactly what everyone does. Most even put Google Sign-in into their free plans because it’s a great way to increase sign-ups.

The main benefit of SAML comes from the permission management and standardisation across systems. It's also what starts to make it complex beyond just writing the code.