TL;DR: Adopting an Identity as a Service (IaaS) provider can save huge time and effort when implementing a B2B SaaS product, but it can also result in deep lock-in with the provider. I explain how deploying a SAML Proxy can mitigate this, and provide a case study of migrating hundreds of customers from one IaaS provider to a competitor instantly and with near-zero disruption. I also introduce my new open-source SAML Proxy, a fully functional demo that you can try out yourself and modify for your own custom scenarios.
Any successful B2B SaaS product has to offer “enterprise SSO”, which usually means SAML authentication, to its customers. Unfortunately, knowledge of SAML authentication protocols is somewhat specialist, and the risk of a poorly implemented SAML Service Provider (SP) compromising your security is high. Add to that the cost of a custom implementation, and it rapidly becomes obvious that using a third-party authentication service makes sense. These services often include identity management and role-based access control, and are a compelling time saver for a new business.
Identity as a Service (IaaS) has unsurprisingly emerged as a very popular SaaS category with a number of competing providers. A list off the top of my head would include Okta (and Auth0), AWS Cognito, WorkOS, and Clerk.