Show HN: Ending the Absurdity of SSO Tax – Introducing ssotax.org
14 points by mathiasn 1 year ago | 4 comments
As a former CTO at a VC-backed and security-conscious company, I've faced the tough choice of skipping costly enterprise upgrades, even when SSO was crucial.
Take a look at Notion: to access SSO, they casually double their standard pricing.
Imagine buying a Tesla and being charged extra to unlock full braking power. That's what SSO Tax is - vendors exploiting a built-in feature, essential for security, to extract excessive fees.
So, why initiate a new project?
Rob Chahin's work on sso.tax initially highlighted this issue. However, the site's updates dwindled, and data became outdated. Despite offering assistance, I received no response, leading to the creation of https://ssotax.org. While there has been a short spike of activity post-fork, it already stopped again. That’s what we’ve seen often in the last few years. Instead, I want to give the topic the attention it deserves.
In addition to integrating all pending PRs and enriching the data, I’ve introduced a new feature: "Friends of SSO". We should not only call out unfair practices but also praise vendors who are committed to security!
Furthermore, I’d love to raise awareness about vendor practices by utilizing Twitter and LinkedIn to publicly praise or critique them. The goal is to get attention for the topic, ideally sparking conversation with the vendors involved.
What are your thoughts on getting rid of the SSO Tax? Excited to hear your ideas!
- quickthrower2 1 year ago
Ha ha. I noticed the SSO tax and it has stopped us SSOing all the things which would be nice from a security point of view.
I think vendors use SSO as a feeler for “company has more money to spend on us” so if you want to eliminate SSO tax you need to give them a new thing to grade enterprises on. However a simpler thing would be like Docker etc. who look at ARR.
- mathiasn 1 year ago
Yes, that's what I heard too. I mean they still have SCIM which allows you to create/remove user accounts via API. Although that's still security relevant, giving at least SSO out for free would help already. Still, I would prefer something that does not relate to security.
What do you mean by Docker? I saw on their page that they offer SSO on the highest tier, so they do not look solely at ARR then?!
- quickthrower2 1 year ago
I didn’t know about their SSO sorry, I just meant their desktop licensing based on paying once you reach a certain revenue.
If companies use SSO as a rough proxy for “willing to spend” then they can use ARR instead as it is more direct.
- StimDeck 1 year ago
Auth0 jacked up their prices for enterprise SSO after a very low number of integrations. Previously they were much more affordable.