I'm looking for the best SSO (Single Sign-On) solutions for a mid-sized company with around 50 to 200 employees in 2025. Our team has minimal internal IT resources and we use tools like GitHub, Gmail, Vault, AWS, and Graylog. I'd love to get insights from the DevOps community on which SSO solutions have worked well for you. Specifically, I'm interested in:
- Ease of integration (SAML/OIDC support)
- Multi-IDP capabilities
- SCIM provisioning support
- Clear and scalable pricing without excess costs
- A solid experience for developers

Here are some options I hear frequently mentioned: Azure AD (Entra ID), Keycloak, Authentik, WorkOS, and SSOJet. I'd appreciate any feedback on these or other SSO solutions you've found helpful, especially when dealing with multi-tenant or external user authentication.

5 Answers
We use Keycloak and it works like a charm! It can be a bit clunky at times and I've had some issues where the API gave a 200 success response without actually updating the user, but overall it’s reliable.
If you already have Active Directory, then Entra is a natural choice. It integrates seamlessly with your existing setup, making life easier!
Can you explain why Entra is better in this scenario?
I'm a fan of PingFederate (or PingOne for SaaS). It has solid customer support, good documentation, and ample customization options, but it does have a learning curve. My only downside is that pricing can be vague for specific scenarios.
That sounds promising! Do you have personal experience with its integrations?
If you have Google Workspace, using it as your IdP is a no-brainer. It’s well recognized and saves you money since you already have it; plus everyone gets SSO access easily!
I recommend giving Zitadel a try. It's been great for various use cases like employee access and B2B services, plus you get options for self-hosting or cloud. It meets many of your requirements too!
I've also found it mostly reliable; just takes some getting used to.