Jerome Kelly

2025-02-13

Aligning SSO with Business Models

When I began my career as a developer, I didn’t understand the utility of an SSO. Implementing a login mechanism with email and password seemed trivial: just a few hours of work, and voilà, it’s done. But I quickly realized how naïve I was.

DDoS attacks, credential stuffing, SMS toll fraud, phishing… These are just a few of the attacks I’ve had to deal with in recent years. Although unpleasant, these attacks already have well-documented and proven countermeasures. Re-implementing those countermeasures in custom code each time is often a waste of time and money. That said, it’s essential to align your business model with the cost structure of the SSO provider; otherwise, the success of your product could quickly become a financial burden!


SaaS Subscription Model

SaaS solutions generally use a cost structure based on monthly subscriptions. This structure is ideal for adopting an SSO solution because costs scale proportionally with revenue.

Let’s take a simple example: a SaaS offering a monthly subscription at $7 wants to use Auth0’s Essentials plan, which costs around $0.07 per active user per month. In this case, the finance team can easily budget the SSO cost according to projected growth. In practice, moreover, a portion of users won’t be active in a given month: they’ll still pay the $7 subscription fee, but you won’t be billed for SSO for them. As a result, the actual average SSO cost per user is usually lower than the official rate, because of this gap between what users are charged and what the SSO provider bills.


Free Plan Challenges

Things get more complicated for an application that offers a free tier. Users opting for the free plan won’t generate direct revenue, yet you’ll still incur SSO charges. Most free plans are designed to entice users to upgrade to a paid plan, regardless of their SSO usage. However, maintaining a consistent conversion rate over time is crucial.

For example, if you decide to add an attractive free feature that significantly increases the number of free users but reduces the conversion rate to paid plans, it could have unpleasant financial consequences. If an additional 100,000 free users sign up, your Auth0 bill can increase by approximately $10,000 per month!


Non-Profit Applications

At Thirdbridge, many of our clients aim to offer a product whose primary goal isn’t revenue generation. In this context, choosing the right SSO technology is crucial. For example, for an NPO seeking to create a secure portal with multi-factor authentication for around 10,000 users, the annual cost can vary significantly:

• With Auth0, it would cost approximately $16,000 USD per year.

• With AWS Cognito, it would be free.

In this case, the logical choice for an NPO is undoubtedly AWS Cognito! It’s also worth noting that other affordable alternatives, such as Azure AD B2C, are available. The existing technological ecosystem then becomes a key factor to consider in the decision-making process.


When in Doubt, Be Cautious

The reality is that choosing an SSO technology is not easy. Several unpredictable factors can invalidate the initial decision. Moreover, despite all the love we have for Auth0 (our CIAM team is CIC-certified), it must be acknowledged that this type of technology is extremely invasive. Once implemented, it becomes very difficult to migrate to a competitor or build an internal solution. This is probably why Auth0 can afford such steep price increases*.

The best way to mitigate this risk is to align as closely as possible with industry standards. The overwhelming majority of SSO solutions are based on protocols like OAuth2, OIDC, and SAML. By using standardized features that adhere to these protocols, a potential migration would be much easier. However, in practice, building a complete solution this way is almost impossible. In short, compromises will have to be made, and you’ll have to pick your poison!
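What "aligning with the standards" looks like in client code, as an added example that is not part of the original post: the client derives every endpoint from the provider's OpenID Connect discovery document, starts an Authorization Code flow with PKCE (RFC 7636), and validates the ID token using only the claims OIDC Core defines (iss, aud, exp, nonce). Nothing vendor-specific is used, so moving from one provider to another changes a single issuer string. The two issuers, the client id and the client secret are constructed placeholders; the discovery documents are embedded inline so the block runs offline. Signature verification uses HS256 keyed with the client secret (OIDC Core 10.1) so that only the standard library is needed; with RS256, the key would be fetched from the advertised jwks_uri and the claim checks would be the same.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import urlencode

# Constructed OpenID Provider metadata for two hypothetical issuers. A real
# client fetches this from "<issuer>/.well-known/openid-configuration"; the
# values below are sample data, not endpoints of any real provider.
DISCOVERY = {
    "https://idp-a.example": {
        "issuer": "https://idp-a.example",
        "authorization_endpoint": "https://idp-a.example/authorize",
        "token_endpoint": "https://idp-a.example/oauth/token",
        "jwks_uri": "https://idp-a.example/.well-known/jwks.json",
        "code_challenge_methods_supported": ["S256"],
    },
    "https://idp-b.example": {
        "issuer": "https://idp-b.example",
        "authorization_endpoint": "https://idp-b.example/oauth2/v1/authorize",
        "token_endpoint": "https://idp-b.example/oauth2/v1/token",
        "jwks_uri": "https://idp-b.example/oauth2/v1/keys",
        "code_challenge_methods_supported": ["S256"],
    },
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pkce_pair() -> tuple[str, str]:
    """RFC 7636 code_verifier and its S256 code_challenge."""
    verifier = b64url(secrets.token_bytes(32))  # 43 URL-safe characters
    challenge = b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    return verifier, challenge


def build_authorization_url(issuer, client_id, redirect_uri, state, nonce, code_challenge):
    """Authorization Code + PKCE request built purely from discovery metadata."""
    meta = DISCOVERY[issuer]
    if "S256" not in meta.get("code_challenge_methods_supported", []):
        raise ValueError("provider does not advertise PKCE S256")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,              # CSRF protection for the redirect
        "nonce": nonce,              # binds the ID token to this login attempt
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return meta["authorization_endpoint"] + "?" + urlencode(params)


def verify_id_token(id_token, issuer, client_id, client_secret, expected_nonce, now=None):
    """OIDC Core 3.1.3.7 ID Token validation for an HS256-signed token."""
    now = time.time() if now is None else now
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # never accept alg=none or an unconfigured alg
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected_sig = hmac.new(client_secret.encode("utf-8"), signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != DISCOVERY[issuer]["issuer"]:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if client_id not in ([aud] if isinstance(aud, str) else aud or []):
        raise ValueError("audience mismatch")
    if float(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def mint_test_id_token(issuer, client_id, client_secret, nonce, exp, sub="user-123"):
    """Stand-in for the provider's token endpoint (constructed test data only)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = {"iss": DISCOVERY[issuer]["issuer"], "aud": client_id, "sub": sub,
            "exp": exp, "iat": exp - 3600, "nonce": nonce}
    payload = b64url(json.dumps(body).encode())
    sig = hmac.new(client_secret.encode("utf-8"), f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"
```

Switching from idp-a to idp-b is a change to the issuer argument and the registered client credentials; the authorization URL, the PKCE handling and every claim check stay identical, which is exactly the portability the standards buy you. What the standards do not cover (custom claims, provider-specific actions or rules, proprietary user-management APIs) is where the lock-in described above accumulates.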

contact@thirdbridge.ca

+1 514 316 5399

1751 Rue Richardson Bureau 5.120, Montréal, QC H3K 1G6

330 Rue Saint-Vallier E suite 330, Québec, QC G1K

1475 North Scottsdale Road, Suite 200, Scottsdale, AZ 85257