by reactordev 547 days ago
It looks like it's strictly for OAuth 2.0 flows. No SAML, no LDAP, no Kerberos, so it's just a basic key exchange for those who can't be bothered. Auth is hard and consumes too many sprint cycles as is, so anything is welcome in this space. I personally will stick to Keycloak.

The people who require SAML, LDAP and Kerberos are often catering to a specific userbase (i.e. internal business customers).

The needs for Auth & Auth are different for public-facing apps/services. It's not entirely unsurprising many newer Auth solutions don't even attempt to implement SAML et al.

With all of the recent steep price hikes in the Auth SaaS space, it seems it's becoming increasingly important to actually own your user account data. By own, I mean have access to the database and be capable of migrating it somewhere else (even at a large inconvenience) if necessary.

KeyCloak seems awesome for this - but I am liking the "explosion" of new Auth providers that seem to be popping up everywhere these days.

Disclosure: I work for FusionAuth.

You should check out FusionAuth if you are looking at KeyCloak. We play in a similar space (self-hostable, support for SAML, OIDC, OAuth2). I'd say KeyCloak has wider coverage for some of the more esoteric standards and is open source, while we have a more modern API, dev-friendly docs, and great (paid) support.

FusionAuth is not open source, but you can self-host it for free and own your data[0]. Or let us run it for you. In the latter case, you still own your data: get it all from our cloud if you want to migrate.

I'm proud that the team wrote an offboarding doc[1]. It's your darn customer data, and every provider should support out-migration.

0: https://fusionauth.io/download

1: https://fusionauth.io/docs/lifecycle/migrate-users/offboard

Maybe I’m not your target audience but Yikes! Your pricing was unexpectedly high.

Also it’s not clear what premium features were or why MFA is a premium feature but only available at top tiers.

Hiya, thanks for the response.

Our pricing is kinda complicated as discussed before[0]. We're working on simplifying things.

Here's a list of features[1] which hopefully are clearer about what you get on what plans.

Where things get complex is that we sell both features/support and hosting, and you can buy both, either or neither from us. Our hosting isn't multi-tenant SaaS, but rather dedicated infrastructure providing network- and database-level isolation. That means what we offer is different from, say, Stytch, which offers multi-tenant logical isolation.

Most folks that are price conscious run it themselves on EC2 or Render or elsewhere[2].

0: https://news.ycombinator.com/item?id=41269197

1: https://fusionauth.io/feature-list

2: Here are the Render instructions: https://fusionauth.io/blog/fusionauth-on-render

To be fair, the pricing there is not out of line with other hosted SaaS auth services. The segmentation is also not out of line either.

However, the paywall (for all of these auth services) ends up being quite steep for the couple of features that matter for a non-hobby app, such as a custom domain name and MFA (TOTP or hooking up to an external SMS service). Unfortunately it makes these features expensive when you are starting out (paying ~$40 a month for only a handful of users, sort of thing...).

It is nice to see more and more of these services allow you to take out your data and migrate though - including the self-hosted options. Being vendor-locked for your user account data is a really big deal in my opinion. It often means having zero good options if the vendor decides to rake you over the coals one day.

Hiya, thanks for the feedback.

TOTP based MFA is included in the free, community plan.

As I mentioned elsewhere, for folks who are price conscious, self-hosting is the better option.

But I get it! The story I tell internally all the time is that when I was working at a startup, our entire hosting bill was on the order of $200/month (on Heroku; it was a while ago). There's no way we would have paid $350 just for an identity solution. But we would probably have chosen to host FusionAuth Community on Heroku for much, much less and operated it ourselves.

Anyway, thanks for your feedback.

Most b2b products are going to need SAML auth. Any reasonably sized tech business will want to onboard their employees into the software through SSO and the easiest way to do that is usually SAML if they are using something like Okta or JumpCloud.

Along with that, if they have compliance requirements like SOC2 then they really want the whole flow including offboarding any employees that have left the company.

You are describing enterprise, not normal B2B. The majority of businesses out there buying SaaS/PaaS products are not big enterprises with SSO needs or compliance requirements. The SMB market is huge.

Enterprise types of users are their own beast.