Fair enough. I couldn't find information on self-hosting enterprise on their site, but did in the GitHub repository [1], and 200GB is indeed a lot. At the same time it's also a non-starter for me. I'm not going to install "enterprise" anything where I'm going to start depending on it, and one day the price will go up to ???.
> enterprise SSO solutions like Okta are not free for users and cost a lot of money for organizations to implement and use.
There are free and open source solutions like Keycloak and Zitadel. I don't dispute they are less common than Okta and Entra, but they definitely exist and are deployed in the real world. My workplace (state government) uses Keycloak, for example.
Another thing that the article doesn't really touch on is that SSO is locking a security best practice, important for an organization of any size, behind a paywall. With SSO, when someone leaves the organization you can disable their singular account and be confident they are locked out of your shared folders, GitLab, Jira, etc., rather than having to manually track down and disable each one, with a high likelihood of missing something. This is important for an organization of any size > 1, from a bootstrapped startup all the way to the Fortune 500. Hiding it behind higher cost makes it more likely that an org will try to do without and have a security breach as a result.
I also take issue with:
> Developing and maintaining SSO solutions requires significant investment in research, development, and infrastructure.
Having done it myself, this is overstated. No feature is free but implementing a SAML or OAuth flow is not THAT much work, nor does it represent a huge amount of ongoing maintenance.
I actually don't mind the SSO tax too much in cases where it's the differentiator between free or open source vs paid. I find it far more egregious when it's a product that already has a cost and SAML auth jacks up the price 2-10x. I don't think the blog post is a particularly good discussion of the tradeoffs though.
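The offboarding point above, as an added illustration that is not part of any commenter's post: a constructed in-memory identity provider mints signed tokens for several apps, so disabling the user once at the IdP denies every new login, while a token issued before offboarding stays valid until its TTL runs out (which is why short lifetimes or session revocation matter). The HMAC key, user store and app names are assumptions made up for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed in-memory identity provider: the one account store every
# application trusts. Disabling a user here denies all new logins.
IDP_KEY = b"constructed-demo-key"   # assumption: key shared with the apps
USERS = {"alice": {"active": True}, "bob": {"active": True}}
TOKEN_TTL = 300                     # seconds a minted token stays valid

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_token(user: str, app: str, now: float) -> Optional[str]:
    """IdP side: mint a signed token for one app, or None if the user is disabled."""
    if not USERS.get(user, {}).get("active"):
        return None
    payload = json.dumps({"sub": user, "aud": app, "exp": now + TOKEN_TTL}).encode()
    sig = hmac.new(IDP_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)

def verify_token(token: str, app: str, now: float) -> bool:
    """App side: accept only an unexpired token signed by the IdP for this app."""
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        expected = hmac.new(IDP_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(_b64(expected), sig):
            return False
        claims = json.loads(payload)
        return claims["aud"] == app and claims["exp"] > now
    except (ValueError, KeyError):
        return False

def offboarding_demo() -> dict:
    """Disable one IdP account and observe the effect across every app."""
    USERS["alice"] = {"active": True}           # fresh state for the demo
    now = time.time()
    apps = ["gitlab", "jira", "shared-folders"]
    old = issue_token("alice", "jira", now)     # session minted before offboarding
    USERS["alice"]["active"] = False            # the single deprovisioning step
    return {
        "new_logins": {app: issue_token("alice", app, now) is not None for app in apps},
        "old_token_still_valid": verify_token(old, "jira", now + 1),
        "old_token_after_ttl": verify_token(old, "jira", now + TOKEN_TTL + 1),
    }
```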
If your platform's enterprise offering includes having SSO as a value driver to upgrade, you've defined your product's value proposition wrong.
Ahh, you want to make it easier to enable this in your org, in order to get better adoption and ensure the data in our app is more secure? Yeah, you're going to need to pay us for that.
| The way we think of it is, are you a large enterprise that is already spending a lot of money on security and SSO solutions like Okta? If yes, you should be able to pay us as well for the same level of security.
| Vendors need to recoup costs
| Industry standards: The SSO tax has become an industry standard
Well in that case fine /s
1 - Is OpenObserve providing SSO security for ALL your applications? No. Is it doing SCIM, Identity Governance, provisioning? No... It's like saying you pay for a sandwich, why don't you pay for the door you used to come into the shop as well. Door tax.
I bet they don't charge you to recoup costs on implementing a JS library? Why are they 'recouping costs' on adding support for the OIDC/SAML standards? Build your solution to support SAML/SCIM and OAuth, and allow anyone to consume it.
Why?
Adoption and security. Anyone who's a Google Workspace or Microsoft shop has an IDP (albeit basic but OK). Most orgs see the IDP capability there as free. They are then seeing the ability to leverage it as a paid offering in the SaaS apps they buy. So on the one hand, the Identity Provider is free, but the SSO endpoint on the app is paid? Wild.
Also, this is wild:
| For our cloud service we provide SSO in our free tier for following providers with plan to support more in future: Google, GitHub, GitLab, Microsoft
This is great, well done.
| SAML and OIDC are available in our enterprise tier.
WTF? The built-out integrations that you had to make UI elements for are offered free (the vendor recoup argument died here). The ones that are generic are paid for. Ahhh, that's right, the generic ones are the ones that let you use Okta, Ping, OneLogin, Keycloak, etc. Got it, the "valuable" ones.