Ask HN: Early B2B SaaS without features like SSO, OAuth login, etc.?
Hi. I have been using email login and admin users can invite their colleagues by email address.
Of course, many established companies offer SSO, ability to login using Google, Apple, other oauth.
I asked around to my test users and a few potential users and they mentioned email is fine. In my own experience as a SWE I used many softwares at work which used just email login. However, many more offered a bunch more.
Will it be fine to open it up to broader audience without all these things?
SSO has various levels. You can do a "Login/Signup with Google" using any of the popular frameworks in a day or so. On the other hand, if you need to do full Enterprise level SSO (SAML, Audits, SCIM etc etc), you have more work to do.
Look at it this way. If your product solves a real problem for your potential customer, they wouldn't care about how to signup for it. Not until they tell you that SSO is a must. Until then, don't sweat it and keep going.
This is exactly what we built WorkOS for.[0]. I’m the founder and we launched on HN a few years ago.[1]
Our auth service is free up to 1,000,000 users. We charge for enterprise features. Send me a note if you’d like to chat![2]
[0] https://workos.com/user-management
[1] https://news.ycombinator.com/item?id=22607402
[2] mg@workos.com or https://x.com/grinich
Pretty generous and also thanks for radix!
Your potential customers are the ones to ask. The opinions here will be varied, and unhelpful.
Unless your target market is HN folks. If it is, you're absolutely in the right place and ignore everything I said.
I guess since initial outreach seems to indicate email is okay, and I've used a few other popular SaaS at my previous job where it was email only, I will stick to email login for now. Cheers
It's so cheap to use a SaaS auth provider like Auth0 or Clerk.dev that you might as well implement one of them. It should take less than a day.
For sure. I'm already using Auth0, but their managed universal UI wasn't going to work with my invite process, as well as my overall user management system. So, I spent a couple days building custom UIs and hooking everything up so it works.
I guess if people ask for oauth, I can set it up later and just spend another day and test that everything works. And if they want SSO I'm not sure how that works so I'll have to research it anyway.
I would hardly call auth0 cheap. As soon as you need any real features (such as SSO) you will be on their enterprise plan…
Likely I am too old, but I completely don't get the idea of using an external service for authentication. Cynically, I have started to suspect that implementing basic mechanisms such as authentication is a lost art among programmers with short attention spans raised on social media and Skibidi Toilet. More charitably, is could be an issue of switching to a new technology every three years, so best practices for implementing this stuff don't have time to be developed.
I wouldn't want to build and run my own auth system at the expensive of building features that my customers want.
For many decently sized (ie high AAR) business customers, particularly those in regulated industries, SSO is a non-negotiable requirement anyway.
Don't build, use Casdoor or Keycloak.
Or Zitadel ;-)
And yes I am clearly biased.
That’s small decision that should not take more than a few minutes to decide and try. It’s the kind of thing people do to avoid doing the real work needed
What was the point of this comment? Seems hostile for no reason.
If it’s a requirement to close a customer, they’ll tell you. Just keeping going with what you have until it blocks a deal you want to close enough to implement it.
In my experience, SSO is a requirement for some corporate clients. So depends on who you are selling to (individual employees or orgs who will have a number of their employees use the software). For example, if you sell a quoting tool to a department, which will then be used by their salespeople, SSO requirement is a possibility. If it's a small app that the CEO will use to schedule posts on Linkedin, then there is no need.
In my experience, login using Google, Apple is a convenience feature that may increase conversion rate if the product is sold to individuals, but is not essential.
Your experience may vary.