Mattermost integrations
1/4/2024
Most SaaS startups want to sell to enterprises, but many are unprepared for an enterprise’s most-requested requirement: single sign-on (SSO).
SaaS products are often designed for usernames and passwords, not complex integrations with identity providers (IdPs) like Okta, Google, or Active Directory. When faced with the challenge of building those integrations, many developers will roll up their sleeves, read authentication and authorization specs, and get to work. Unfortunately, there can be so much room for interpretation in these specifications that SSO implementation becomes difficult, slow, and risky.
If you are a small startup, or even a mid-sized business with a busy engineering team, this work can be a major drain and slow down your ability to begin acquiring enterprise clients. It can cost precious weeks (or months) to implement SSO for an enterprise deal and, to many developers’ surprise, what worked for one enterprise customer may not work for the next one.
SSO is unexpectedly challenging to do correctly and consistently. Let’s break down why, then offer some alternative approaches.
Let me tell you about the first time I tried to implement SSO. I started Nylas Mail in 2013 after writing the initial lines of code in my dorm room at MIT. It became a very successful open-source project, and we raised more than $10M in an attempt to dethrone Microsoft Outlook. It wasn’t long before we needed to commercialize, which is when we faced a whole new audience of buyers: IT leaders and procurement professionals.
We were excited to be speaking to enterprise clients about adoption, but they needed enterprise features to roll out Nylas at scale. As a small startup, we had designed our app for everyday users and not for enterprise adoption, so we weren’t prepared to integrate with an IdP or satisfy other enterprise requirements. The work to add those features proved too much for us, and kept us from commercial market success. The lesson here is that without SSO and other enterprise features, a product can only go so far.
The key thing to understand about SSO is that it’s an integration problem. Most developers build apps by using OSS packages, such as Devise, which handles authentication for Ruby on Rails. This works for customers with basic requirements, allowing people to use different models with high modularity. At some point developers end up needing to integrate their product with an IdP, usually beginning with whatever their biggest customer needs.
Different enterprises use different IdP solutions: some may use off-the-shelf solutions like Okta or Azure Active Directory, while others have their own custom homegrown solutions. Any vendor wishing to sell to these companies must integrate with all of these IdPs, which means managing both IdP authentication and native credential-based users (that is, a username and password native to the vendor’s platform). Since none of the IdPs functions identically and there are so many SSO providers, you’ll need to maintain multiple integrations in parallel. If you want to read about another journey in adding SSO to an enterprise product, here’s how Stack Overflow did it.
SSO integration goes beyond building features and functionalities and ensuring they perform. It takes considerable work to seamlessly adapt an app’s login flow. Orchestration and feature enablement are dependent upon IdP functionality and require new business logic with implications for mobile and two-factor authentication (2FA). SSO usually has 2FA built in too, creating additional complexity that must be considered alongside other system-level integrations.
There are multiple ways to implement SSO. One of the most popular is through an XML-based open standard called Security Assertion Markup Language (SAML). The SAML specification is flexible and has a number of options to cover a range of possible cases. No two vendors implement the spec the same way.
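One concrete face of the SAML flexibility described above, as an added example that is not from the article or from Nylas: two constructed assertions carry the same facts under different NameID formats and attribute names, and a small normaliser maps both onto the one profile shape the app expects while rejecting an assertion minted for another service provider. The SP entity ID, the alias table and the sample IdP URLs are assumptions, and the code assumes a SAML library has already verified the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_ENTITY_ID = "https://app.example.com/saml/metadata"   # our own SP entity ID (assumed)

# Attribute names different IdPs use for the same fact (constructed; extend per customer).
ATTR_ALIASES = {
    "email": ["email", "mail",
              "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"],
    "groups": ["groups", "memberOf"],
}

# Constructed sample: short attribute names, email-format NameID, two group values.
IDP_A = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
 <saml:Issuer>https://idp-a.example.org</saml:Issuer>
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://app.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="mail"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="memberOf"><saml:AttributeValue>admins</saml:AttributeValue><saml:AttributeValue>staff</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: opaque persistent NameID, claim-URI attribute name, no groups at all.
IDP_B = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_b1">
 <saml:Issuer>https://idp-b.example.net</saml:Issuer>
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">8f3c0d</saml:NameID></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://app.example.com/saml/metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><saml:AttributeValue>bob@example.com</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def normalize_assertion(xml_text):
    """Map one IdP's assertion onto the profile shape the app expects. Assumes the
    signature was already verified by a SAML library; unverified XML must not reach here."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        raise ValueError("not a SAML 2.0 Assertion")
    # Reject assertions minted for a different service provider.
    audiences = [a.text for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if SP_ENTITY_ID not in audiences:
        raise ValueError("audience mismatch: %r" % audiences)
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in root.findall(".//saml:AttributeStatement/saml:Attribute", NS)}
    def pick(canon):  # first alias this IdP actually sent, else empty
        return next((attrs[n] for n in ATTR_ALIASES[canon] if n in attrs), [])
    return {"issuer": root.findtext("saml:Issuer", namespaces=NS),
            "subject": root.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "email": (pick("email") or [None])[0],
            "groups": pick("groups")}
```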