
Just speaking practically, the biggest reason to support SAML is that customers use it.

Tons of companies still use old school Active Directory for SAML -- and aren't even quite ready to migrate to Entra (formerly Azure Active Directory).




> Just speaking practically, the biggest reason to support SAML is that customers use it.

This is a huge reason to support SAML, I agree. You can talk all day long about how OIDC is better, but if a customer or application only supports SAML, that's what needs to be implemented.

Especially since single sign-on is usually an enabler, not the whole value proposition of any application.


This only supports my point of considering SAML as being "ancient" - but I just don't know if it's true.

It's just a feeling seeing it mostly in banks and other old-school enterprises (AD plays a huge role here, as you mentioned).


Not even close. Pretty much every enterprise uses it because, from an admin point of view, it does everything the customer wants. Centralised user management is pretty much mandatory for different compliance, and AD and Okta meet those needs just fine.

Hell, from a user perspective, I don’t even hate the Okta SAML implementation now we have support for YubiKey enabled. Click a button, I’m in.



