Hacker News | deepakprab's comments

Tracking and mapping where your sensitive data goes is challenging, and manual approaches always fall short. This is a very unique approach to preventing sensitive data leakage.


We (BoxyHQ) are an SSO and Directory Sync vendor like WorkOS, and they are spot on with the details of the SAML vulnerabilities. We have guarded against these attacks so our customers don't have to, but plenty of companies still roll out their own implementations, not all of them securely.


It's just riddled with vulnerabilities but most of them are now well known and mitigated.

OpenID was meant to be the successor, but popularity-wise SAML is still the champion with enterprises.

SCIM doesn't really have a successor afaik. Azure AD I think doesn't do password sync, I am not sure who twisted Okta's hands to get this implemented.


Great suggestion, SAML SSO should really become a commodity and be made available to all tiers. Enterprise tiers are clearly dictated by RFP/Security Questionnaires, there's no bigger admin hassle than that.


You could make SSO setup self-served. Happy to help you simplify your SSO implementation so you can make it available across all tiers, open-source on an Apache 2.0 license - https://github.com/boxyhq/jackson


Indeed, one common interface for the sync that captures all the nuances of multiple identity providers implementing the SCIM protocol. Thanks IvoSolveoYCSS19.


Plugging in my startup BoxyHQ here. This is the reason why we open sourced our SAML integration - https://github.com/boxyhq/jackson, it should be commodity.




I'd love to join the conversation. My email is deepak at boxyhq.com


Absolutely, we mention this excellent resource in the blog. Also https://www.enterprisegrade.io/ to take a self-assessment of your enterprise readiness.

