Why the SSO tax needs to go

Single sign-on is a qualifying condition for any modern product—not a premium feature that warrants a price bump.

Would you buy a car without tires? A burger without a bun? A laptop without a battery? A SaaS service without SSO?

I’m guessing you answered “yes” to only one of those questions. Anyone actively buying enterprise SaaS services knows that the fee that comes along with features like single sign-on (SSO) often exceeds the original price of the service itself. Somewhere along the line, we let down our guard and started negotiating with the mouse about the cookie. What we now call the “SSO tax” has gone too far, and it’s not good for the buyers or the sellers.

The philosophy of pricing

First, some background for those who have never been punished with the responsibility of creating a pricing model. When determining a pricing and packaging strategy for a service or product, the ideal is to align your price with the attributes of your product that your customer values the most. For example, a kids’ Hamburger at McDonalds is less than a Quarter Pounder, which is less than a Double Quarter Pounder. The pricing here is tightly aligned with the derived value the customer receives. On top of the core pricing model, there are often additional features that are included into different packages. All of these burgers come with pickles, lettuce, tomato—these are commonly termed “filler” features, or features we’re happy to have, but wouldn’t pay for. Then there are the “leaders”—smoked bacon for the Smoky BLT Double Quarter Pounder—that warrant extra spend, as the customer ascribes a high value to it. Finally, there are “killer” features, which cause customers to de-value the package: “I don’t care if the Happy Meal costs less, I do NOT want another cheap plastic toy in my car.” 

There is a lot of excellent work on this, and some firms that specialize in designing the optimal pricing model for whatever your offering might be. However, there are some major missteps that are easy to make. Most often, these mistakes come in the form of “killers”—those additional features that cause the package to be associated with an unnecessary luxury. The other critical mistake is confusing a “filler” feature with a “leader.” That’s exactly what happened with single sign-on.

The importance of SSO

Broadly put, SSO is a feature that allows a customer to bring their own identity provider for use with a third-party service, thus allowing the customer to establish a single, centralized authority for identification of their employees. There is little argument to be had about the benefits of centralizing our authentication and authorization into a single provider. This system makes it easier to provision access and, more importantly, to revoke it. Today, many organizations view SSO as their core access control point for many services, and mandate its use for any new service that comes into the organization. The benefits of managing an identity in a single place are real, and such mandates are commonplace for large organizations. Meanwhile, vendors have taken advantage of this pattern by placing the SSO capability into the highest-tier pricing package, thereby forcing enterprises into the highest pricing tier.

The SSO tax trap

By forcing organizations to pay for SSO, products are falling into the trap of mistaking a “filler” feature for a “leader.” While such products effectively force organizations to pay for the higher pricing tier due to their enterprise mandates, it’s a short-lived win. Let’s go back to our burger example. Imagine going into a restaurant and finding that the burgers cost a dollar, and the bun, pickle, lettuce, tomato, and special sauce cost another nine dollars. You would likely do the math and walk out with a $10 hamburger—and a bad taste in your mouth. Innately, you probably ascribe the majority of the value of your lunch on the burger, not the bun and condiments—but the restaurant’s pricing strategy has inverted that value, which means you’ll likely feel more upset about getting ripped off by the expensive condiments than happy about the deal you got on the burger.  This is similar to the frustration many feel when they pay fees for carry-on luggage on top of a super-cheap airline fare - we end up more upset about the $80 than the $200 we saved on the ticket.

This is the same value-trap we end up in when we position features like SSO as “leaders” for higher price tiers. I have personally been in conversations with buyers of enterprise packages who have told me, “their pricing tells me SSO is worth more than their product.” This is the trap of SSO tax: by forcing the buyer into a higher pricing tier due to an enterprise requirement, you have now aligned that incremental price with the features that come along with that tier. If those features are not aligned with the value the organization is getting out of your product or service, it’s going to feel more like extortion than a fair trade of value. 

It’s time to move on

We are long past the point where an enabling feature like SSO warrants an incremental price bump. SSO is now a qualifying condition for selling to any market or vertical. Those who “go without” SSO have done so only due to cost—nobody would refuse this feature if offered, and everyone would be well-advised to use it. For years, many notable vendors have justified this fee with some hand waving and commentary about the cost of implementing the feature. But for some time now, there hasn’t been a meaningful cost associated with developing or providing SSO, due to the availability of open source frameworks and standards that provide it for free—or the availability of PaaS providers such as Auth0, AWS Cognito, and Google Firebase, who provide it at a commodity cost. The other common refrain is, “those are enterprise features,” which is just poor air cover for the pricing trap described above. While enterprises may have strict mandates as it relates to these features, they are not enterprise features. Security itself is not a leader, it is a filler. We all need security—it’s just that some of us have to accept the risk of less security due to the price of the SSO tax. 

As customers, it’s time we stop paying for SSO, and insist it’s provided as a base feature of every product. And as an industry, it’s time to start throwing the tea overboard and start saying no to the SSO tax.

Learn how Nudge Security can provide a helpful roadmap for SSO onboarding.

Related posts


Debunking the "stupid user" myth
in security

Exploring the influence of employees’ perception
and emotions on security behaviors