[hylaride]

If you're a SaaS vendor, you want to make onboarding and logging in as easy as possible and being able to do things like add a "login with google/apple" button or other third party SAML/SSO tooling is one way to do that. Supporting that workflow sucks as it can involve very finicky integrations involving certificate trusts, etc.

[whstl]

Those authentication providers require you to do the same Google/Apple OAuth certificate configuration yourself, and you even have to pay the 99 euros for Apple.

SAML/SSO is indeed finicky, but the problematic part (mapping attributes) is often done by IT teams, ESPECIALLY if you use a third-party provider.

[grinich]

WorkOS has a built-in workflow for all the complex SAML/SCIM attribute mapping.

https://workos.com/docs/directory-sync/attributes

Also certificate renewal flows:

https://workos.com/changelog/certificate-renewal-flow

(I'm the founder.)