This looks very cool! Having implemented SAML before, it was definitely a pain and your tooling looks painless!
That said, the pricing worries me a bit. This is a tool we'd have to build on top of. Which means that if it disappears later because you went out of business (or just changed your pricing in some way that hosed us), we'd have a whole big, unexpected engineering project to rewrite our SSO.
And given that you're giving a hosted product away for free, it seems pretty likely that you will either eventually go out of business or change your pricing.
I know it sounds silly, but as someone who'll probably have to add SSO to my current project in the next 6-12 months, I'd be a lot more comfortable betting on you if you had a sustainable-sounding paid tier other than "free for now" and "idk email us." It'd certainly make it easier to pitch to the rest of my team. :)
I totally understand your concern. It's very valid, and we hear it a lot.
I may not successfully convince you of the commercial logic here, but we are making a calculated bet that a generous free offering serves our long-term interests.
We're betting that this product will establish our credibility with developers and result in efficient distribution in the future. It's a pretty common commercial open source playbook not to monetize in the early days.
Thankfully, some subset of venture capitalists will happily underwrite companies with popular commercial open source products.
Please bear in mind that we're an early stage company. We will build more depth into the existing product, and we'll offer new products over time. We will charge for those new features / new products. It may take years to earn meaningful revenue, let alone generate cash flow, and we're fine with that.
Right, but what has become common, if successful at cornering market share, is then changing the license to something open-source-ish and charging money for what used to be free. Sometimes a lot of money.
Many swore they'd never do it. Many probably even meant it at first.
So, it's a concern for sure.
So then fork it and continue like that. At least you have the option, as opposed to some proprietary solution.
Sure, that's an option.
Also an option, when choosing what to use right at the start, is being careful about using an open source solution from a for-profit startup, and evaluating all your other options, taking into account that it may not remain open source, and if it doesn't, what place it has in your business, how hard it would be to switch then, etc.
Right, the overhead of setting up SAML on your own is _a lot_ and things like this usually come with a Wal-Mart’s worth of foot guns. Even so, I’d be much more keen to spend the time up front diving into it and working on an in-house solution, rather than find myself and my team up a creek with a broken auth solution and several sprints worth of work to fix it, that’s also going to push other work out because logic is critical.
Ya with the last decade of experience I'm never building on top of a vc backed open source project. These things are mutually exclusive IMO. I'm not saying you can't build a solid business around open source. I mean red hat did it, but that is the model you have to go for. Not VC money at seed stage.
Out of curiosity, who else did it besides RedHat (who are building Linux distros AFAIK)?
How do you expect people to bootstrap an infra SaaS? I just don’t see how you can seriously attempt something like an Auth0 competitor startup without any money. I mean it’s nice to not take VC money but you are going to be broke for a long long time - and you still have the same failure rate as with VC.
So you need to be super masochistic to work for nothing for years with a 99% chance that everything will evaporate at any point - and at the same time somehow convince companies to build on your stack - not only build on it but make it the gatekeeper and front door of everything. I can tell you that you will have an extremely hard time getting any customers for this, regardless of how great the tech is.
Maybe you don’t need it at seed stage - but unless you are fantastically rich already you need some investment to get beyond seed stage IMHO.
> How do you expect people to bootstrap an infra SaaS?
Presumably ilrwbwrkhv is thinking of the fate of ElasticSearch, MongoDB, Redis, CockroachDB, Confluent, TimescaleDB, Terraform, HashiCorp Vault, Docker Desktop and suchlike.
The VCs want a return for all the money they've invested, and it's difficult to monetise a free product.
One way to avoid letting down your community is to have your product be a closed-source paid product from day 1. Another is to get the backing of a huge multinational with endless ad revenue. Another is to run a super lean one-man operation, or get a day job and make free software your hobby. Another is to teeter on the edge of bankruptcy and hope one of your users just acquires your entire company.
Or you can just disappoint your community - SAML's only used by faceless megacorporations anyway, it's not like you'd be letting down real people.
None of these are great options IMHO - but that's why I don't have a VC-funded infrastructure startup myself :)
Laravel and that whole ecosystem is another great example. Open source is slow and a grass roots movement. That's what I mean, when people think it is venture scale, they are either being dishonest to the investors or to the users. Because one day the ethos of open source has to be broken to make the real money. Better to make it a paid product from day 1 instead of playing this game.
One of my favorite bad examples of this is Supabase. They played into the whole open source Firebase bandwagon and while their code is available, the ethos of open source is completely lost, so much so that even now local development and self hosting is a pain.
In terms of good examples, Andrew Sherman who does Drizzle ORM is a good example of this. Here is one of his tweets talking about not taking VC money: https://x.com/andrii_sherman/status/1775954643022971044
So it can work but honestly the best open source projects start off when you are getting paid a salary and you work on the project because you are passionate and love working on it.
100%. One thing I'd add: since SAML is the gateway to your application, I don't like the idea of expecting premium support for a free product if I don't want to buy things this company does charge for later on. Don't forget one option is "call the founder".
The SSO tax[1] already exists. It sucks: Gating security features, best practices and automation when someone is already your customer is terrible. But it's the status quo, and in that status quo people that need SAML in their company probably should pay at least half as much as they pay for this single feature in a single one of their SaaS apps.
[1]: https://sso.tax/