Comment by Disposal8433

5 hours ago

I'm a user, not an expert on all this but: SSO is indeed meant for a corporate environment, not for personal use. And from what I saw, companies would rather pay for a simple SSO provider than use any self-hosted solution. That means you either use Google or Microsoft, nothing else.

LastPass is out of the question due to the security issues in the past. I always advocate for Bitwarden but I'm not sure they can handle any kind of SSO yet. And Vaultwarden, being a fork of a not-so-famous-yet password vault (at least in the managers' world), is not a contender anywhere.

The whole "SSO is meant for enterprise" thing is sales bullshit. Big enterprises can't live without SSO, so everyone started charging extra for that to milk more money out of them, but this doesn't mean it's not hugely beneficial or "meant for" smaller orgs or even individuals.

Anyone can spin up an Authentik/Authelia/Keycloak/whatever instance or even use Microsoft/Google if they already pay for it in a matter of minutes. The only reason people don't is because tons of apps make it annoyingly difficult to integrate SSO or don't offer it at all in the lower price tiers.

If app installers started with "create a root user or paste the OIDC secret here", everyone and their dog would be running SSO. But that's not as profitable.

> That means you either use Google or Microsoft, nothing else.

My fairly large (>20k) company uses Okta. That's just to say, be wary of issuing ultimatums.

  • I recall a happy/fun environment using Microsoft Entra (Azure AD) SSO, in order to sign into Okta SSO, in order to access Azure environment(s), among other apps. SSO Inception.

My company just implemented the SaaS Bitwarden with Google SAML on their Enterprise Plan. Very easy to set up, not too expensive ($6/user/month). Their compliance page made it much easier to sell to my manager who had to give the final approval: https://bitwarden.com/compliance/. It is only used by my department so far and we're still doing manual invites rather than integrating with the SCIM features so I can't speak to that. My biggest annoyance is that, as an admin, unlocking the vault still prompts for the master password rather than letting me select SSO without logging all the way out.

Vaultwarden is not a fork though?

And also, in what world is SSO meant for enterprise?

It's Single Sign On; not having to log in separately for each service is perfect for any context of any size - whether these services only have 1 user or 100 thousand.