Ben Orenstein · @r00k · June 1, 2022
On its face, SAML-based Single Sign-On (SSO) is the perfect feature to push your bigger customers into your enterprise tier.
Your small customers won’t care about it, but your bigger ones are often required to use it by their security departments.
If you’re a new SaaS founder and you want to maximize your revenue, I recommend you create an enterprise tier, put SSO in it, and charge 2-5x your normal pricing. Even with no other benefits, some customers will be forced to choose this option.
People will get a little mad at you, but not much, because just about everyone does this.
(Another reason this move is so popular is because offering SSO costs close to nothing after a little automation, so this price increase is all profit.)
When we were baby bootstrappers, we did exactly this. We put SSO in our enterprise tier, charged ~2x for it, and made a bunch of money.
The thing was, we always felt kind of gross about it.
SSO support is a critical security feature. As the experts at Latacora say:
You need an inventory of your applications, a single place to disable access for users, and a way to force 2FA in as many places as possible. The alternative is madness. Every CSO we’ve asked has SSO in their top 5 ‘first things they’d do at a new company.’
Withholding SSO from our customers made their organizations demonstrably less secure. We could have flipped a switch and fixed this at ~no cost to ourselves, but instead we charged a huge premium for it. This always felt a little gray hat to me. Not quite “I’ve encrypted your data and demand you send me Bitcoin,” but not something I’d be proud to bring up at Thanksgiving.
Back then, we were trying to make sure our company survived, and every dollar mattered to us (particularly because we’re self-funded). We held our noses and did the thing because it was highly profitable and everyone else was doing it.
Fortunately, our business is now profitable enough that we can stop making this crummy tradeoff.
As of today, we’re adding SSO to every Tuple plan at no additional charge.
In the short-term, this decision will almost certainly cost us money.
In the long-term, we hope to attract customers who appreciate our prioritization of security over chasing every dollar.
Already, this decision has had a pleasant side-effect – it’s forced us to offer better benefits to entice customers into our enterprise tier: service level agreements, active user pricing, custom terms of service, tiered discounts, and better auditing and control. We’ve still got work to do here, but I’m excited to sign up customers who are attracted to these features, rather than repulsed by the idea of less secure user accounts.
If you’re a Tuple customer, you can find instructions for enabling SSO for your team here.
If you’re not a customer, please consider becoming one to help replace those sweet enterprise dollars we likely just incinerated.