Hey everyone! I'm diving into the world of Single Sign-On (SSO) solutions and wanted to get insights from the DevOps community on what's working best these days. For a mid-sized company with around 50 to 200 employees and minimal internal IT, we're utilizing tools like GitHub, Gmail, Vault, AWS, and Graylog. My focus is on finding the ideal SSO solution that ticks these boxes: easy integration (SAML/OIDC), support for multiple identity providers (IDP), SCIM provisioning, transparent and scalable pricing (no hefty enterprise fees), and a good developer experience. I'm curious about your experiences with any solutions you've used, including whether any of the following stand out: Azure AD (Entra ID), Keycloak, Authentik, WorkOS, or SSOJet. Thanks for your input!
5 Answers
If you already have Active Directory, Entra is a natural choice. It integrates seamlessly and is user-friendly for environments already set up with Microsoft products.
I’m a big fan of PingFederate. The support is solid, and the documentation is helpful. You get good customization options and various integrations, but be aware that the complexity can get a bit overwhelming at times. The pricing might be a factor too; I’d recommend looking into it if you’re serious about it.
Have you used it long? What are your thoughts on its learning curve?
Honestly, if you have Google Workspace, just use that as your SSO. It’s widely recognized and meshes well with other vendors, so you'd avoid extra costs while still having a solid option for your team.
We’ve been using Keycloak and it works pretty well for us! There might be some quirks, like a few confusing bugs during updates, but overall it gets the job done efficiently. Just be prepared for a bit of a learning curve, especially when interacting with its API.
For sure! Just be careful with user updates—had some wild bugs there.
Sounds like a solid option; would you say the pros outweigh the cons?
You might want to check out Zitadel. It's been effective for a range of use cases, from employee access to B2B services, plus it supports multi-IDP scenarios. It's versatile with an option for cloud or self-hosting!
What makes it better than the others out there?