undefined | Better HN

0 pointsalberth5y ago0 comments

Hi Bron

Really appreciate you noticing my comment and responding. I really love your company for its values (and it doesn't hurt that you have the best webmail interface I've ever used ... and I've used them all).

Essentially, I have a small company of 11 employees. All remote. We have no on-premise infrastructure, cloud for everything. The vast majority of my team use: Github, Zendesk, Zoom, and Slack daily.

Whenever I hire a new employee, without SSO (and identity management), I have setup a multiple account credentials just for that single employee (and off boarding employees to deactivate access is a whole bigger issue).

It's not uncommon that an employee of mine might have 8-10 different username and passwords for all the various systems they use daily. Because of differing username or password retention policies, the usernames might be different and/or the passwords become out of synch because one provider is on a 90 day password change when another is on a 60 day password change. It's a mess and I'm sure people have sticky notes with their username/password written down just to keep up with all of their various username/passwords.

By having SSO/IdP provided by our email provider, I can eliminate all of these problems. Note: I'm not saying for you to accept SSO from a 3rd party - I'm suggesting that Fastmail be the Identity Provider (IdP) for my employees so that they can use their Fastmail (my domain) account with Github/Slack/Zendesk/etc.

Here's some SSO documentation from common 3rd party services we use.

Again, thanks so much for considering this. I would LOVE it if you became an IdP/SSO provider. Happy to answer any more questions.

EDIT: I should mention that I've looked into Okta in the past but for sites that don't support SSO, what Okta does is essentially a formfill/Lastpass like feature. Which kind of makes me uncomfortable. But if Fastmail allow SSO, Okta becomes more appealing (though not required)

EDIT2: this might be more heavy weight that you're looking for but I know at one time the gold standard for open source SSO offerings is OpenAM (it's the forked SSO offering that was from Sun back in the day and Sun at the time was the IAM leader). https://github.com/OpenIdentityPlatform/OpenAM/

[1] https://docs.github.com/en/github/authenticating-to-github/a...

[2] https://slack.com/help/articles/203772216-SAML-single-sign-o...

[3] https://support.zendesk.com/hc/en-us/articles/203663826-Sing...

0 comments

2 comments · 1 top-level

brongondwana5y ago· 1 in thread

Thanks for the kind words!

We have a similar issue in terms of onboarding and offboarding - we have a rather large checklist which has migrated from Dropbox Paper to being a Notion template these days - but it still has a large set of checkboxes and we edit it at least as often as we on-and-offboard people (and try to remember to update it in between as well, if something changes).

So I'm seeing two possible requests here:

1) become an ID provider that can be used by other sites; or

2) support Okta (I've had a call with them, and we're looking into the OpenId Connect stuff and what would be involved in allowing that to mint sessions safely)

No promises on timelines of course, but we know that this is something of value to small businesses! And we'd probably use it ourselves if we had it, which is also great because dogfooding is important.

alberthOP5y ago

Even though I know you’re not promising anything, just the fact that Fastmail genuinely asks & wants to hear feedback is why I love you guys so much.

Hope more folks use you guys.

j / k navigate · click thread line to collapse