SSO : The Security Tax

Single Sign-On (SSO) has become a critical part of modern identity and access management, allowing users to authenticate once and gain access to multiple applications or systems. It simplifies the login process for end-users, enhancing both security and user experience. However, many companies are encountering an unexpected cost associated with SSO. In this article, we will explore what SSO is, its advantages for businesses, the concept of the SSO tax, and how it affects organizations. We will also provide insights into how companies can help shape the landscape by making informed choices about their SSO providers.

What is SSO and How It Benefits Companies

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications with a single set of login credentials. Rather than having to remember different usernames and passwords for every service, SSO simplifies the experience by centralizing the authentication process. This streamlined approach has several key advantages for businesses.

One of the primary benefits is improved security. By reducing the number of passwords users need to manage, SSO minimizes the risks associated with weak or reused passwords. SSO also allows for easier implementation of multi-factor authentication (MFA) across all connected applications, making it harder for unauthorized users to gain access. Additionally, companies benefit from improved productivity as employees no longer waste time managing multiple logins, and IT departments can focus less on password resets and more on strategic tasks.

Employee and Customer Identity Solutions | Okta

Okta’s Workforce and Customer Identity Clouds enable secure access, authentication, and automation—putting identity at the heart of business security and growth.

.css-1g6tyg1{cursor:pointer;display:inline-block;-webkit-text-decoration:none;text-decoration:none;color:blue;-webkit-transition:color 0.35s ease-in-out;transition:color 0.35s ease-in-out;margin-right:auto;width:110px;line-height:100%;}.css-1g6tyg1:hover{color:blueDark;}

Auth0: Secure access for everyone. But not just anyone.

Rapidly integrate authentication and authorization for web, mobile, and legacy applications so you can focus on your core business.

Auth0

Two of the most prominent SSO providers in the market are Okta and Auth0. Both platforms offer robust, scalable SSO solutions that cater to enterprises of all sizes, integrating with hundreds of applications seamlessly. However, for organizations looking for more control or wishing to avoid vendor lock-in, there are open-source alternatives like Keycloak. These self-hosted solutions provide customizable SSO capabilities without relying on third-party providers, offering flexibility and cost savings.

Keycloak

Keycloak is an open source identity and access management solution

Keycloak Team

What is the SSO Tax and Why Does It Exist?

Despite its clear benefits, SSO often comes with an additional, and sometimes unexpected, cost referred to as the “SSO tax.” This term refers to the extra fees vendors charge customers for enabling SSO integration, even though SSO has become a standard feature for most modern services. This tax usually appears in the form of higher subscription tiers or as a separate, premium-priced feature.

The SSO tax exists because vendors know that SSO is an attractive and often necessary feature for businesses, particularly larger organizations dealing with multiple cloud-based services. Vendors can justify the tax by claiming the need to maintain and support secure integrations, but many see it as a way to extract more revenue from enterprise customers. As a result, organizations may feel forced to pay these premiums just to meet basic security and usability needs.

How the SSO Tax Harms Companies and Security

The SSO tax harms businesses in several ways. For one, it creates a financial burden on organizations, especially smaller or growing companies that may not have the budget to absorb additional costs. This could lead businesses to forgo SSO, opting instead for less secure alternatives like manual login processes or password managers, which ultimately compromises overall security.

Furthermore, the SSO tax can create a fragmented identity landscape, where companies pick and choose which applications to integrate based on cost rather than necessity. This leaves gaps in their security architecture, making it harder to implement consistent security policies. Ultimately, charging extra for SSO discourages its adoption, leaving companies vulnerable to phishing attacks, credential stuffing, and other forms of cybercrime.

How Companies Can Shape the Landscape

Companies can take an active role in pushing back against the SSO tax by making informed decisions about which providers they partner with. Vendors that impose these additional fees can be held accountable if businesses start choosing competitors that include SSO as a standard feature without extra cost. By supporting providers that do not impose an SSO tax, companies send a message that secure authentication should be a baseline feature, not a luxury.

Websites like SSO.tax are raising awareness about this issue, offering a platform for companies to report excessive SSO fees and share their experiences. By leveraging the collective power of the business community, companies can drive change in the industry and promote a more secure, affordable, and transparent SSO ecosystem.

The SSO Wall of Shame

A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.

The SSO Wall of Shame

The SSO tax is a hidden cost that harms companies financially and compromises their security. As businesses continue to rely on cloud-based applications, SSO is no longer a nice-to-have feature but an essential part of any secure infrastructure. By choosing providers that do not impose an SSO tax and advocating for change, companies can help shape a future where secure access management is both affordable and universally accessible.