> enterprise SSO solutions like Okta are not free for users and cost a lot of money for organizations to implement and use.

There are free and open source solutions like Keycloak and Zitadel. I don't dispute they are less common than Okta and Entra, but they definitely exist and are deployed in the real world. My workplace (state government) uses Keycloak, for example.

Another thing that the article doesn't really touch is that SSO is locking a security best practice, important for an organization of any size, behind a paywall. With SSO, when someone leaves the organization you can disable their single account and be confident they are locked out of your shared folders, GitLab, Jira, etc., rather than having to manually track down and disable each one, with a high likelihood of missing something. This is important for an organization of any size > 1, from a bootstrapped startup all the way to a Fortune 500. Hiding it behind higher cost makes it more likely that an org will try to do without and have a security breach as a result.

I also take issue with:

> Developing and maintaining SSO solutions requires significant investment in research, development, and infrastructure.

Having done it myself, this is overstated. No feature is free, but implementing a SAML or OAuth flow is not THAT much work, nor does it represent a huge amount of ongoing maintenance.

I actually don't mind the SSO tax too much in cases where it's the differentiator between free or open source vs paid. I find it far more egregious when it's a product that already has a cost and SAML auth jacks up the price 2-10x. I don't think the blog post is a particularly good discussion of the tradeoffs, though.
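The offboarding point in the comment above, shown as an added toy model (this is example code, not something from the comment, the blog post or any named product). It assumes a constructed identity provider that issues short-lived HMAC-signed assertions, three constructed service providers that trust it, and a hypothetical shared secret; real SAML/OIDC deployments use asymmetric signatures and richer claims, but the deprovisioning behaviour is the same: disabling the one IdP account stops every service at once, whereas per-app accounts need one step per app and a missed step leaves access in place.

```python
"""Added illustration of SSO offboarding. All names, keys and apps are constructed."""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Toy IdP: one account per person, short-lived signed assertions."""

    def __init__(self, issuer: str, key: bytes, ttl: int = 300):
        self.issuer, self.key, self.ttl = issuer, key, ttl
        self.users: Dict[str, bool] = {}  # username -> enabled flag

    def add_user(self, user: str) -> None:
        self.users[user] = True

    def disable_user(self, user: str) -> None:
        self.users[user] = False  # the single offboarding action

    def issue(self, user: str, audience: str, now: Optional[int] = None) -> Optional[str]:
        if not self.users.get(user):  # unknown or disabled: no assertion is issued
            return None
        now = int(time.time()) if now is None else now
        claims = {"iss": self.issuer, "sub": user, "aud": audience,
                  "iat": now, "exp": now + self.ttl}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        sig = _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
        return f"{body}.{sig}"


class ServiceProvider:
    """Toy SP (a wiki, a git server...) that only checks the IdP's signature and claims."""

    def __init__(self, name: str, issuer: str, key: bytes):
        self.name, self.issuer, self.key = name, issuer, key

    def login(self, assertion: Optional[str], now: Optional[int] = None) -> bool:
        if not assertion or "." not in assertion:
            return False
        body, sig = assertion.rsplit(".", 1)
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return False  # tampered or signed by someone else
        claims = json.loads(_unb64(body))
        now = int(time.time()) if now is None else now
        return (claims["iss"] == self.issuer and claims["aud"] == self.name
                and claims["exp"] > now)


def sso_offboarding_demo():
    """Disable once at the IdP; every SP rejects the user from then on."""
    key = b"constructed-shared-secret"
    idp = IdentityProvider("https://idp.example.invalid", key)
    sps = [ServiceProvider(n, idp.issuer, key) for n in ("wiki", "git", "tickets")]
    idp.add_user("alice")
    before = {sp.name: sp.login(idp.issue("alice", sp.name)) for sp in sps}
    idp.disable_user("alice")
    after = {sp.name: sp.login(idp.issue("alice", sp.name)) for sp in sps}
    return before, after


def local_accounts_offboarding_demo():
    """Per-app accounts: one disable step per app, and a forgotten app keeps access."""
    apps = {"wiki": {"alice"}, "git": {"alice"}, "tickets": {"alice"}}
    checklist = ["wiki", "git"]  # constructed scenario: admin forgot "tickets"
    for app in checklist:
        apps[app].discard("alice")
    return {app: "alice" in users for app, users in apps.items()}


if __name__ == "__main__":
    print("SSO before/after disable:", sso_offboarding_demo())
    print("Local accounts after partial offboarding:", local_accounts_offboarding_demo())
```

Note the residual window: an assertion issued before the account was disabled stays valid until its `exp`, which is why the toy IdP keeps the TTL short; in a real deployment session lifetimes and token revocation close that gap.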