okta passport is such garbage. it's an absolute steaming pile of garbage sold to unwitting enterprise clients who can't identify bad technology.

why do i say this? At least as of Oct 2021 Okta didn't even have a complete compositional API to set up accounts -- thus requiring a 'josh-api', literally a guy named josh to manually provision new customer accounts by hand. the latency on those api requests was immense.

the company i was working at still depended on java 8, never budgeted time for refactor or maintenance, and had a plurality of other horrible dev practices they justified (calling themselves agile, devops, but not actually doing any of those things properly)

i was still in my probationary period when they told me they were going to roll out Okta to all clients early in 2022 and charge for SSO so they could line their pockets. i gave my notice the next day (for many reasons, including okta). josh also gave notice and left on the same day.

given log4js, etc. this has probably been an extremely bad week there.

I’m actively looking now for an SSO solution, SMB scale. What’s the one that doesn’t suck?

Keycloak[1] is self-hosted and widely used. Kratos[2] is also self-hosted but API only, but on the plus side won't have a problem with the "josh-api" like GP described above.

[1] https://github.com/keycloak/keycloak

[2] https://github.com/ory/kratos