undefined | Better HN

0 pointsAlupis1y ago0 comments

The people who require SAML, LDAP and Kerberos are often catering towards a specific userbase (ie. internal business customers).

The needs for Auth & Auth are different for public-facing apps/services. It's not entirely unsurprising many newer Auth solutions don't even attempt to implement SAML et al.

With all of the recent steep price hikes in the Auth SaaS space, it seems it's becoming increasingly important to actually own your user account data. By own, I mean have access to the database and be capable of migrating it somewhere else (even at a large inconvenience) if necessary.

KeyCloak seems awesome for this - but I am liking the "explosion" of new Auth providers that seem to be popping up everywhere these days.

0 comments

mooreds1y ago

Disclosure: I work for FusionAuth.

You should check out FusionAuth if you are looking at KeyCloak. We play in a similar same space (self-hostable, support for SAML, OIDC, OAuth2). I'd say KeyCloak has wider coverage for some of the more esoteric standards and is open source while we have a more modern API, dev-friendly docs, and great (paid) support.

FusionAuth is not open source, but you can self-host it for free and own your data[0]. Or let us run it for you. In the latter case, you still own your data--get it all from our cloud if you want to migrate.

I'm proud that the team wrote an offboarding doc[1]. It's your darn customer data, and every provider should support out-migration.

0: https://fusionauth.io/download

1: https://fusionauth.io/docs/lifecycle/migrate-users/offboard

efitz1y ago

Maybe I’m not your target audience but Yikes! Your pricing was unexpectedly high.

Also it’s not clear what premium features were or why MFA is a premium feature but only available at top tiers.

mooreds1y ago

Hiya, thanks for the response.

Our pricing is kinda complicated as discussed before[0]. We're working on simplifying things.

Here's a list of features[1] which hopefully are clearer about what you get on what plans.

Where things get complex is that we sell both features/support and hosting, and you can buy both, either or neither from us. Our hosting isn't multi-tenant SaaS, but rather dedicated infrastructure providing network and database level isolation. That means what we offer is different than say a Stytch that offers a multi-tenant logical isolation.

Most folks that are price conscious run it themselves on EC2 or Render or elsewhere[2].

0: https://news.ycombinator.com/item?id=41269197

1: https://fusionauth.io/feature-list

2: Here's render instructions: https://fusionauth.io/blog/fusionauth-on-render

AlupisOP1y ago

To be fair, the pricing there is not out of line with other hosted SaaS auth services. The segmentation is also not out of line either.

However, the paywall (for all of these auth services) ends up being quite steep for the couple features that matter for a non-hobby app, such as custom domain name and MFA (totp or hooking up to an external SMS service). Unfortunately it makes these features expensive when you are starting out (paying ~$40 a month for only a handful of users, sort of thing...).

It is nice to see more and more of these services allow you to take out your data and migrate though - including the self-hosted options. Being vendor-locked for your user account data is a really big deal in my opinion. It often means having zero good options if the vendor decides to rake you over the coals one day.

1 more reply

sontek1y ago

Most b2b products are going to need SAML auth. Any reasonably sized tech business will want to onboard their employees into the software through SSO and the easiest way to do that is usually SAML if they are using something like Okta or JumpCloud.

Along with that, if they have compliance requirements like SOC2 then they really want the whole flow including offboarding any employees that have left the company.

AlupisOP1y ago

You are describing enterprise, not normal b2b. Majority of businesses out there buying SaaS/PaaS products are not big enterprise with SSO needs nor compliance requirements. The SMB market is huge.

Enterprise types of users are their own beast.

j / k navigate · click thread line to collapse

0 comments

mooreds1y ago

Disclosure: I work for FusionAuth.

I'm proud that the team wrote an offboarding doc[1]. It's your darn customer data, and every provider should support out-migration.

0: https://fusionauth.io/download

1: https://fusionauth.io/docs/lifecycle/migrate-users/offboard

efitz1y ago

Maybe I’m not your target audience but Yikes! Your pricing was unexpectedly high.

Also it’s not clear what premium features were or why MFA is a premium feature but only available at top tiers.

mooreds1y ago

Hiya, thanks for the response.

Our pricing is kinda complicated as discussed before[0]. We're working on simplifying things.

Here's a list of features[1] which hopefully are clearer about what you get on what plans.

Most folks that are price conscious run it themselves on EC2 or Render or elsewhere[2].

0: https://news.ycombinator.com/item?id=41269197

1: https://fusionauth.io/feature-list

2: Here's render instructions: https://fusionauth.io/blog/fusionauth-on-render

AlupisOP1y ago

To be fair, the pricing there is not out of line with other hosted SaaS auth services. The segmentation is also not out of line either.

1 more reply

sontek1y ago

Along with that, if they have compliance requirements like SOC2 then they really want the whole flow including offboarding any employees that have left the company.

AlupisOP1y ago

You are describing enterprise, not normal b2b. Majority of businesses out there buying SaaS/PaaS products are not big enterprise with SSO needs nor compliance requirements. The SMB market is huge.

Enterprise types of users are their own beast.

j / k navigate · click thread line to collapse