As IT admins consider web application single sign-on (SSO) solutions, many are evaluating OneLogin™ and its pricing. As one of the SSO vendors available, OneLogin is often leveraged alongside a directory service (like Microsoft® Active Directory®) to extend and federate user identities to cloud-based applications.
Pricing for web app SSO solutions can become a tricky equation. Often, there are separate pricing tiers based on volume (e.g. 5,000+ users) and by verticals such as education. With different bundles, different features are standard and others added with a la carte options (e.g. multi-factor authentication (MFA)). Also, virtually all implementations for traditional IDaaS platforms require professional services which increases the overall costs.
All in all, there are many permutations around what IT admins can purchase, but this can be a double-edged sword. While having many options and a la carte purchasing available can give admins greater flexibility with their purchasing decisions, it can also muddy the waters when there are so many ways to combine as many features. Thus evaluating all of your options is key to getting the most out of your SSO solution.
SSO Pricing in the Big Picture
With SSO pricing, the most important thing to keep in mind — sometimes even more than the actual prices you’re quoted — is what you do (and do not) need. This is because critical functionality like multi-factor authentication (MFA), user provisioning, and more are typically offered as add-ons, so the cost can quickly add up.
The challenge becomes even greater considering that web-app SSO is only one part of identity and access management (IAM). There are numerous other functionalities admins need to connect users to the resources that they need, including on-prem applications, networks, file servers, and workstations (Windows®/Mac®/Linux®).
Ultimately, pricing for an SSO solution — be it OneLogin, Okta®, or otherwise — is only one part of the complete cost structure. For one, SSO solutions usually require a directory service as the primary source of truth. From there, functions such as RADIUS, LDAP, SSH key management, system management, governance, and more are all usually add-on solutions that will cost more (if they’re offered at all). The result is that the overall costs balloon as does implementation timeframes.
What Do You Need Besides SSO?
Ultimately, pricing for one component is important, but the overall architecture of your identity and access management is much more critical to determine. From there, figuring out the most cost-effective solutions becomes easier.
Every organization has their own needs, and should use those to guide their buying decisions. However, we’ve compiled this short list of features to serve as a starting point:
- System management capabilities – can work with Windows, Mac, and Linux
- Remote access and control through APIs and Powershell
- Support for industry-standard protocols like LDAP, SAML, and RADIUS
- Different levels of access according to user-group membership
- Access to:
- On-prem apps (Jira®, MySQL)
- File servers (QNAP®/Synology®)
- Networks (Meraki®/OpenVPN®)
- Cloud-based infrastructure (AWS®/GCP®)
Considering the whole picture, it’s not about establishing one identity for web apps, but about establishing one identity for all resources. This means a single source of truth to authenticate against, regardless of platform, protocol, provider, or location.
So how do admins cobble together the best mix of solutions, when so many different and specific ones are out there? The easy way to answer that is to look for a holistic solution that can address all of your IAM needs. And for many small- to medium-sized businesses, that leads them to Directory-as-a-Service®.
An All-Inclusive Alternative to OneLogin
Any SSO offering is going to address the core number of web apps in your environment, but this can be misleading. It’s the other features — managing mixed-OS environments, connecting users and systems, and securely managing access to resources — that sway admins’ decisions.
No one wants to go into a purchasing decision knowing that they’ll have to continue to add costly features as their enterprise grows, or in some cases, continue to maintain legacy hardware to leverage as a source of truth for newer features.
When looking for a centralized identity solution, you may want to consider Directory-as-a-Service. JumpCloud® Directory-as-a-Service has all the above IAM and SSO features in one cloud-based IdP platform. It’s simple for users and easy for admins, who can control all their systems from one admin console.
JumpCloud gives users one set of credentials to use across web apps, but also takes it a step further. It’s True Single Sign-On™, and not just for web applications via SAML, but legacy on-prem applications, cloud infrastructure, on-prem and cloud-based file servers, and networks via RADIUS — no matter your operating system.
To learn more about SSO solutions or Directory-as-a-Service, check out our product or resources page. You can also contact us for a personalized free demo or sign up to try it out for yourself. Your first 10 users are free forever.