
What's more annoying is that every SaaS product on the planet puts SSO behind their most expensive "ask us the price" tier.

Microsoft should be including SSO in their baseline/free products and all enterprise and wanna-be-enterprise software should put it in its base tier.

Logon security shouldn't be tucked behind a paywall or held hostage as a bonus quadruple-the-price feature, because breaches have wide-reaching consequences past just the company attacked going down.




I fully agree with you about the SSO tax.

I would like to add that configuring Azure AD as an SSO provider is available to any tenant for free. Some of the functionality like Conditional Access does require paid licensing.

I’m aware of a number of businesses that are very happily using Keycloak in production. Not everyone can, although there is RH SSO if you need the support contract.

Then there’s Gluu, Authelia, and many others depending on your needs.

Sadly even with basic security we can’t seem to fully trust our own vendors to have our interests at heart.


SSO without conditional access is almost worse. It's like Microsoft knows it COULD stop attackers from entering the account, but won't unless you pay them more. To give them credit, at least MFAuthenticator apps are free (and now basically forced.)


We mitigate this by disabling non-phishing-resistant MFA factors in the tenant. You can achieve some of the Conditional Access MFA controls using the new MFA options and user groups, but it is not the same and doing it well requires a little more planning and sanity checking.



