I'm looking into adding Single Sign-On (SSO) support to five internal applications that were built between 2010 and 2015. These include a time tracking system, a project management tool, and a few department-specific apps. All of these apps are still in use and function fine, but none have SSO capabilities right now. I've received quotes that vary widely—one consulting firm quoted $45,000 for all five apps over a period of 3-4 months, while another quoted $15,000 per application, totaling $75,000. Both firms indicated that custom SAML/OIDC implementations are necessary since these apps were created before we adopted standard identity protocols.
My boss is questioning why our development team can't handle this internally, but they're already busy with other projects, and last time we attempted an IAM integration, it took six months and had numerous bugs. We don't want to pull them off tasks that generate revenue, but I'm concerned we're stuck between high consulting fees or continuing to manage access manually. For those who've dealt with integrating older custom apps to their Identity Provider, what have your experiences with costs and timelines been? Are these quotes reasonable, or should I keep looking for better options?
2 Answers
Implementing SAML support isn't overly complex. If your dev team isn't equipped to handle it, I’d question their expertise. Instead of hiring an external firm, which can complicate future authentication needs, consider bringing in someone who truly understands the tech to manage deployment.
The level of SSO you're looking for matters. Are you just trying to implement basic access or something more integrated within the app? If it’s just for access, plenty of tools like oauth-proxy or ingress controllers can simplify the process.

I'd recommend looking into OIDC combined with SCIM. It's generally straightforward to implement since most modern languages and frameworks have good support for OIDC, and SCIM is pretty simple to grasp.
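Both answers point at the same retrofit path: leave the legacy app's session handling in place and bolt a standards-based login in front of it. Below is an added, stand-alone illustration (not code from any poster here, and not tied to any particular IdP or library) of the client-side pieces an OIDC authorization-code integration for one of those apps needs: building the authorization request with `state`, `nonce` and PKCE, checking `state` on the callback, and validating the ID token's claims. The endpoint URL, client id and redirect URI are placeholders; signature verification against the provider's JWKS and the code-for-token HTTP exchange are deliberately left out so the example runs offline.

```python
"""Relying-party pieces a legacy web app needs for an OIDC retrofit.

Standard library only. Endpoint, client id and redirect URI below are
constructed placeholders. JWKS signature verification and the token
endpoint call are not shown; the claim checks assume the signature was
already verified.
"""
import base64
import hashlib
import secrets
import time
from urllib.parse import urlencode


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge per RFC 7636: BASE64URL(SHA256(verifier)), no '='."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_request(authorize_endpoint, client_id, redirect_uri,
                                scope="openid profile email"):
    """Return (redirect_url, session_state).

    session_state must be kept server-side (in the legacy app's own session)
    and consulted on the callback; never trust these values from the browser.
    """
    state = secrets.token_urlsafe(32)      # CSRF binding for the callback
    nonce = secrets.token_urlsafe(32)      # replay binding for the ID token
    verifier = secrets.token_urlsafe(64)   # 86 chars, inside RFC 7636's 43..128
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    url = f"{authorize_endpoint}?{urlencode(params)}"
    return url, {"state": state, "nonce": nonce, "code_verifier": verifier}


def check_callback_state(session_state, returned_state):
    """Constant-time compare of the state echoed back by the IdP."""
    return secrets.compare_digest(session_state["state"], str(returned_state))


def validate_id_token_claims(claims, issuer, client_id, expected_nonce,
                             now=None, leeway=60):
    """Claim checks from OpenID Connect Core 1.0 section 3.1.3.7.

    Returns (ok, reason). `now` is injectable so the checks are testable.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        return False, "iss mismatch"
    aud = claims.get("aud")
    aud_list = aud if isinstance(aud, list) else [aud]
    if client_id not in aud_list:
        return False, "aud does not contain client_id"
    if len(aud_list) > 1 and claims.get("azp") != client_id:
        return False, "azp mismatch"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        return False, "expired"
    if "iat" in claims and claims["iat"] > now + leeway:
        return False, "iat in future"
    if claims.get("nonce") != expected_nonce:
        return False, "nonce mismatch"
    if not claims.get("sub"):
        return False, "missing sub"
    return True, "ok"


if __name__ == "__main__":
    # Placeholder IdP and app values, constructed for this example.
    url, sess = build_authorization_request(
        "https://idp.example/authorize", "legacy-timesheet",
        "https://timesheet.internal/oidc/callback")
    print("redirect browser to:", url)
    # On the callback, after exchanging the code (not shown), check the claims:
    claims = {"iss": "https://idp.example", "aud": "legacy-timesheet",
              "sub": "u-123", "exp": time.time() + 300, "nonce": sess["nonce"]}
    print(validate_id_token_claims(claims, "https://idp.example",
                                   "legacy-timesheet", sess["nonce"]))
```

Once `validate_id_token_claims` passes, the app maps `sub` (not `email`, which can change) to its existing user table and issues its own session exactly as it always has, which is what keeps the change small for a 2010-era code base. The same `sub` is the natural join key for a SCIM provisioning endpoint later.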