Ask HN: How important is Single Sign-On (SSO) for an application?

8 pointsswaptr1y ago8 comments

I have recently seen a lot of Saas/Micro-Saas offering SSO which leaves me wondering if it is common in the industry. Does your organization use one? Builders, do you spin up your own infra for SSO (keycloak, etc) or you use some serivce like Auth0 etc?

8 comments

atilla_bilgic1y ago

Her are my two cents.

For all type and size of the businesses, having an IAM governance is important. This way password policies can be set up and enforced.

When the SaaS landscape starts growing, this governance becomes more important and mission critical. The attack surface of the business expands with the number of passwords needed to manage by the employees.

In the above picture SSO brings significant relief to IT and Finance managers with less management hassle and reduced risk scores on the business side.

For the employees, SSO integrations gives more streamlined and smooth experience.

7bit1y ago

Not only password policies, but authentication policies as a while. For example, the location from where you may authenticate, or the times, the IP address ranges, the device you're using, and so on.

It is also important for user account lifecycle. If a user joins or leaves the company, IT need to be able to grant or revoke access without having to go on an individual account hunt.

If a service does not offer SSO (or a good implementation of it, because most services seem to follow some YouTube guide in how to add SSO - it's that bad) our policies forbid us from buying it.

swaptrOP1y ago

Interesting. How do you analyze if a SSO implementation is good or not?

1 more reply

codingdave1y ago

It isn't that SSO is important because of your application - it is important because of your audience -- B2C apps don't need SSO. B2B apps probably do.

crazyrabbitrap1y ago

I think this blog explained why in details: https://blog.logto.io/sso-is-better/

j / k navigate · click thread line to collapse