I'm looking for input from the DevOps community on the best SSO (Single Sign-On) solutions for mid-sized companies (around 50-200 employees) in 2025. We have minimal internal IT support and use tools like GitHub, Gmail, Vault, AWS, and Graylog. Specifically, I'm interested in feedback about:
* Ease of integration (SAML/OIDC)
* Multi-IDP support
* Support for SCIM provisioning
* Transparent, scalable pricing without too much enterprise overhead
* Overall developer experience
I've seen some options frequently mentioned like Azure AD (Entra ID), Keycloak, Authentik, WorkOS, and SSOJet. I'm eager to hear your experiences with these or any other favorites, especially regarding multi-tenant or external user authentication use cases.
5 Answers
If you already have Active Directory, Azure Entra is definitely a logical choice. It integrates smoothly with a lot of services, and everyone can use their existing AD credentials without a hassle.
Okta is definitely worth looking into! Their integration capabilities are phenomenal, and they have a ton of out-of-the-box options for major apps. It's really user-friendly, and I’ve found it to be the best when it comes to usability. Just give their trial a shot and see how it fits your needs!
We’ve been using Keycloak, and it has worked pretty well for us. There are some quirks, but overall it satisfies our needs. Just be prepared for a bit of a learning curve, and remember that sometimes the API responses might not reflect the actual outcomes unless you dig deeper into the logs.
Totally agree, Keycloak is great once you get the hang of it!
Sounds like a mixed bag. Any specific issues you faced that might help others?
Consider giving Zitadel a try as well! It's been gaining traction for various use cases like employee and B2B services. It also supports self-hosting, which could give you more control depending on your needs. It checks many of the boxes you mentioned.
I really like PingFederate or PingOne for SaaS solutions. Their support is top-notch, and they have a wide range of customization options to fit your needs. They cover all the important protocols like SAML and OIDC, but it can get a bit overwhelming with all the settings. Just make sure to evaluate the cost because it can get pricey depending on usage.
What's the learning curve like for someone new to it?
What makes it a better choice compared to Keycloak?