Open source SAML (Security Assertion Markup Language) Identity Provider

For implementing web SSO what would you guys recommend?

Or just Okta, OneLogin and not waste time standing something up?

What do you need from the system? What are the downsides in rolling your own?

Just an SSO solution for GitHub, Jira, Gmail etc. Have not ever rolled my own, so was hoping someone with experience would share advice 🙂

Something like this then?


I’ve used Auth0, Okta and OneLogin on various projects. What you get is the abstraction layer between your app and the identity provider (which may be proxied behind your chosen auth provider). You pay $$ and trade off the complexity of rolling it yourself. There’s a cost-benefit here where you will weigh the benefit of an auth provider based on factors such as the number of users you have. These auth services shine where you have clients with differing auth requirements (such as SAML) or in heterogeneous auth situations where varied solutions are necessary. Setting up SAML specifically was relatively easy with each of these, but that depends on the quality of the SAML SP solution you find for Elixir. If your client requires SAML but you do not want to deal with SAML in your server, look into using one of these auth providers to proxy your client’s SAML IdP but return you something more palatable, such as JWT. As usual, the solution requires some investigation based on your needs. Contact their sales or dev support channels if you can’t find the answers at first.


Thank you for the very detailed answer, a lot of good points to think about. Do you have a preference among Okta and OneLogin? I have some experience with Okta, but OneLogin looks to have way more features?

I do not have a preference, since both met the needs I had at the time.
