Welcome!

Microservices Expo Authors: Sematext Blog, Elizabeth White, Lori MacVittie, Liz McMillan, Craig Lowell

Related Topics: @CloudExpo, Microservices Expo, Cloud Security

@CloudExpo: Article

Is SAML All You Need to Offer Business Customers SaaS Single Sign-on?

How many customers can you serve with it?

No.

SAML is a protocol, a language. Languages are great for communicating, but a certain language is only useful when communicating with other speakers of the same language.

In business, the value of a language is dependent on how big a share of your current and potential customers speak it. Your choice of language(s) can greatly affect what kind of business you can expect: doing business only in Finnish limits your market to 5 Million people, whereas English lets you address more than a Billion people. You have three options:

  1. Limit your market to only those who speak your language of choice
  2. Learn to speak more languages to address a bigger market
  3. Try to teach more potential customers your language of choice

I have never heard of a successful example of the last alternative in business, have you?

How big a share of your customers "speaks" SAML?
I am not aware of any independent research on SAML adoption, but the largest number of customers I have seen a SAML vendor report is about 800 (written in August 2012), which is a good number for any vendor focused on a very specific area. However, if we presume that the market leader has 800 customers and a market share between 10 and 20 percent, that would lead lead to a conclusion that somewhere around 5000 organizations have invested in SAML solutions. How many of those are in production, and to what extent is another question.

About 5000 organizations, is that much or not? Single sign-on starts having a major impact on the usability of SaaS applications when there are more than a handful of users within an organization. For many common SaaS applications (for instance HR, CRM and document management) that requirement is already met by organizations with 100 employees. According to US Census Bureau (2008), there are more than 100 000 enterprises with 100+ employees in US alone, and the figure for EU is about the same according to Eurostat. Based on these figures, there must be at least 500 000 enterprises of that size in the world. Obviously 5000 organizations is only a fraction of the total number of organizations who would need single sign-on to achieve satisfactory usability for SaaS applications.

For you as a SaaS provider, this means that a very small share of your potential customers currently speak SAML, unless you are focusing on very specific segments where the adoption is higher.

Can you teach your customers to speak SAML?
Your options for teaching customers to speak SAML are:

  1. Reselling some commercial SAML product
  2. Offering a SAML Identity Provider on your own, for example based on some open source software
  3. Reselling or hooking up with some Authentication-as-a-Service offering

When you evaluate these options, the most important criteria are how they affect your business:

  • your value proposal to your customers
  • your revenue and time to recurring revenue
  • your support costs

The core of the SaaS value proposal is simplicity. You tell your customers that you will run and maintain everything for them, and they only have to pay their bills. If you require your customer to get something else from somewhere else in order for your application to really work, then simplicity will suffer, both technically and business-wise.

Recurring revenue and loyalty is what SaaS is about. Your focus should be on engaging as many users as possible within each customer organization as soon as possible. The first hundred days is a well known time span for most people, from a newly elected American president to a new couple. If you or your customer spends that time installing and configuring some on-premise software to improve the usability of your SaaS application, then adoption and usage will suffer, which in the end means less revenue and more churn.

Some of your techies might tell you that they found this great piece of open source software, which they can develop into a SAML Identity Provider that you can give your customers for free. They are probably right. However, what about support? Is your core business to maintain free on-premise software? Do you have the resources and processes for it? Can your customers use your free SAML solution with other SaaS applications as well? Who will support that? Or should customers have one free SAML Identity Provider for each SaaS application?

From a business point of view, it obviously does not make sense for you as a SaaS vendor to try to teach your customers to speak SAML, and it is not very likely to succeed either, because it is usually the one with the money who calls the shots.

How can you offer business customers SaaS single sign-on?
First, let's have a look at what is really required. You need to know who the user is, which typically means information like:

  • name
  • organization
  • business unit
  • access rights
  • email
  • phone

Much of that information can be found in, or derived from, the user directory (AD, LDAP etc) of your customer organization. Your job is to get that information for a user who has authenticated against it, and transfer it to your application in a secure way. None of those steps involve rocket science. The trick is of course to do it in a way that requires as little deployment and maintenance work as possible, both from you and from your customers. That is essential to achieve rollout speed, high adoption and low support costs.

You  need a solution which supports SAML for customers wanting to use that, and a more simple way for the rest. As said before, the core of the SaaS value proposal is simplicity.  We have very good experience from using customers' existing intranet web servers to achieve similar functionality in a less complex way, a solution which practically any customer organization with 100 employees or more can roll out in hours  If you want to read more about such a solution, click here.

More Stories By Kjell Backlund

Kjell Backlund, CEO of Emillion, is a seasoned software business entrepreneur with over 20 years experience in international business. He founded Emillion in 2001, with the vision that automating sign-on and user management would be essential to the success of SaaS and Service Desk applications(www.emillion.biz).

@MicroservicesExpo Stories
Monitoring of Docker environments is challenging. Why? Because each container typically runs a single process, has its own environment, utilizes virtual networks, or has various methods of managing storage. Traditional monitoring solutions take metrics from each server and applications they run. These servers and applications running on them are typically very static, with very long uptimes. Docker deployments are different: a set of containers may run many applications, all sharing the resource...
SYS-CON Events announced today that Isomorphic Software will exhibit at DevOps Summit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Isomorphic Software provides the SmartClient HTML5/AJAX platform, the most advanced technology for building rich, cutting-edge enterprise web applications for desktop and mobile. SmartClient combines the productivity and performance of traditional desktop software with the simp...
Sharding has become a popular means of achieving scalability in application architectures in which read/write data separation is not only possible, but desirable to achieve new heights of concurrency. The premise is that by splitting up read and write duties, it is possible to get better overall performance at the cost of a slight delay in consistency. That is, it takes a bit of time to replicate changes initiated by a "write" to the read-only master database. It's eventually consistent, and it'...
With so much going on in this space you could be forgiven for thinking you were always working with yesterday’s technologies. So much change, so quickly. What do you do if you have to build a solution from the ground up that is expected to live in the field for at least 5-10 years? This is the challenge we faced when we looked to refresh our existing 10-year-old custom hardware stack to measure the fullness of trash cans and compactors.
The emerging Internet of Everything creates tremendous new opportunities for customer engagement and business model innovation. However, enterprises must overcome a number of critical challenges to bring these new solutions to market. In his session at @ThingsExpo, Michael Martin, CTO/CIO at nfrastructure, outlined these key challenges and recommended approaches for overcoming them to achieve speed and agility in the design, development and implementation of Internet of Everything solutions wi...
A company’s collection of online systems is like a delicate ecosystem – all components must integrate with and complement each other, and one single malfunction in any of them can bring the entire system to a screeching halt. That’s why, when monitoring and analyzing the health of your online systems, you need a broad arsenal of different tools for your different needs. In addition to a wide-angle lens that provides a snapshot of the overall health of your system, you must also have precise, ...
It's been a busy time for tech's ongoing infatuation with containers. Amazon just announced EC2 Container Registry to simply container management. The new Azure container service taps into Microsoft's partnership with Docker and Mesosphere. You know when there's a standard for containers on the table there's money on the table, too. Everyone is talking containers because they reduce a ton of development-related challenges and make it much easier to move across production and testing environm...
Node.js and io.js are increasingly being used to run JavaScript on the server side for many types of applications, such as websites, real-time messaging and controllers for small devices with limited resources. For DevOps it is crucial to monitor the whole application stack and Node.js is rapidly becoming an important part of the stack in many organizations. Sematext has historically had a strong support for monitoring big data applications such as Elastic (aka Elasticsearch), Cassandra, Solr, S...
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
There's a lot of things we do to improve the performance of web and mobile applications. We use caching. We use compression. We offload security (SSL and TLS) to a proxy with greater compute capacity. We apply image optimization and minification to content. We do all that because performance is king. Failure to perform can be, for many businesses, equivalent to an outage with increased abandonment rates and angry customers taking to the Internet to express their extreme displeasure.
Right off the bat, Newman advises that we should "think of microservices as a specific approach for SOA in the same way that XP or Scrum are specific approaches for Agile Software development". These analogies are very interesting because my expectation was that microservices is a pattern. So I might infer that microservices is a set of process techniques as opposed to an architectural approach. Yet in the book, Newman clearly includes some elements of concept model and architecture as well as p...
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
This complete kit provides a proven process and customizable documents that will help you evaluate rapid application delivery platforms and select the ideal partner for building mobile and web apps for your organization.
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...

Modern organizations face great challenges as they embrace innovation and integrate new tools and services. They begin to mature and move away from the complacency of maintaining traditional technologies and systems that only solve individual, siloed problems and work “well enough.” In order to build...

The post Gearing up for Digital Transformation appeared first on Aug. 29, 2016 04:30 PM EDT  Reads: 1,658

Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
As the world moves toward more DevOps and Microservices, application deployment to the cloud ought to become a lot simpler. The Microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. Serverless computing is revolutionizing computing. In his session at 19th Cloud Expo, Raghav...
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
The following fictional case study is a composite of actual horror stories I’ve heard over the years. Unfortunately, this scenario often occurs when in-house integration teams take on the complexities of DevOps and ALM integration with an enterprise service bus (ESB) or custom integration. It is written from the perspective of an enterprise architect tasked with leading an organization’s effort to adopt Agile to become more competitive. The company has turned to Scaled Agile Framework (SAFe) as ...

Let's just nip the conflation of these terms in the bud, shall we?

"MIcro" is big these days. Both microservices and microsegmentation are having and will continue to have an impact on data center architecture, but not necessarily for the same reasons. There's a growing trend in which folks - particularly those with a network background - conflate the two and use them to mean the same thing.

They are not.

One is about the application. The other, the network. T...