Require me to give you my contact information just to download something. Have sales people blow up my phone and/or email and ignore polite brush-offs. Keep reaching out to me periodically with requests to have a meeting about how you product can help me.
I don't have buying power, but I do have bitching power and your product will wind up getting bad-mouthed by the whole team eventually. And when the engineer asks us for recommendations, guess what we tell him?
Lookin' at you, Veeam, AWS, and Keyence.
thewebguyd · 12m ago
IT Manager here, and deal with this almost weekly at this point. I'll add to your list of how not to do it - ignore my brush-offs and start email blasting others on my team or within the company to get around me. Quick way to get your domain blocked all together.
Also please don't make me sit through a demo just to get a quote. If I want a full demo I'll ask for it, and I need to know pricing first before even considering going any further. I've probably already researched your product, maybe even did a trial if available - I don't need to sit through any number of sales pitches, just give me the numbers.
whstl · 13m ago
Adding Auth0/Okta to the list. Funny enough I had buying power and budget for it, and was gonna ask a Senior engineer to look into it, but the calls got so crazy that I just soured on it.
In this case, corporate management holding the purse strings but their workers (devs) using the actual tools. The solution they offer to founders is to make the user your champion and have them sell your product for you.
"The meta point here is that you're not going to talk to the credit card holder; the user/dev is going to do that for you.
Give them the best possible chance at convincing the leadership. Make them look awesome for even bothering the leadership with a choice like this. Make it obviously awesome for them to decide “yes”. These users/devs are your sales people."
Maybe that works for dev tools with freemium models, but in many industries where this problem arises its just not possible to even get your product in front of the users. Take hospital systems and EHR purchasing where Doctors and Nurses are the users of the EHR day in and day out but it is the hospital administration that ultimately gets to decide which EHR is deployed. How do you get users to be champions of your product if you can't even get it in front of them?
hinkley · 1m ago
Too often we get the reverse. Slick salesman targets the person with budgetary discretion while avoiding letting the users in in the transaction, so by the time they can complain about how terrible the product is, the check has already cleared.
user_7832 · 1h ago
This works if the users are able to use the product (in this case on their personal device maybe) first, and are part of the same organisation.
But what about cases where the user isn't directly related to the decision maker? Doubly so when it's a hard to justify purchase? (I.e. you're not selling bread or IBM machines.)
For example, say, a keyless entry fob for a car. The driver benefits immensely. The CTO of Ford may probably not even entertain a meeting ("Huh, what does he think, locks are bad or something?! What's wrong with a secure lock?")
Does anyone have any suggestions for how to approach such a situation if you developed the fob and now want to sell it?
SoftTalker · 1h ago
Demonstrate that competitors are adopting fobs and try to build FOMO.
at-fates-hands · 1h ago
In your scenario, you're looking at a bottom up approach. Instead of going to Ford, you start at the bottom of the food chain. Used car dealerships, auto body shops, and other places that sell/install accessories for your car.
A great example is remote starters. Same idea. Great for the user, not so much for say Ford. The first places I saw these being installed? Stereo shops would use it as a cross selling feature whenever they were selling something else to a customer. I could be wrong, but it took a few years for the manufacturers to start including remote starters as an add-on. Before then, it was all kinds of other shops selling and installing them.
But its a trench warfare type of deal. You have to get into the hands of the people who can install them, then work your way up to approaching dealerships and larger clients.
I've done this with an anti-theft device. Start small, then build your client base and use that as a springboard to get interest from larger clients.
SoftTalker · 39m ago
Just be sure your product actually works. Third party/aftermarket remote starters and car alarms are (were) nortorious for causing a varity of intermittent, obscure electrical issues. Not sure if it was the devices themselves, or the installation, or both.
ignoramous · 55m ago
> But what about cases where the user isn't directly related to the decision maker? Doubly so when it's a hard to justify purchase?
TFA goes:
Leadership gives approval for purchase
If your brand doesn't sell on its own, for a top-down sales motion (tfa is about bottom-up & product-led) it is usually c-suites purchasing from friends (network) & family. Folks want to go to Harvard/Wharton/GSB for a reason.
Brajeshwar · 2h ago
This is how the likes of Slack, Postman sells, “Hey, 96% of your developers/team are already using it. It makes sense to buy it.”
gcatalfamo · 1h ago
"If they already use it, why should I buy it?"
It sounds like a trivial question to answer, but it just exposes the level of detachment that exists between who makes the purchase decisions and its users in SME context.
takinola · 1h ago
Because you want to control who uses it (offboard separated employees, onboard new employees automatically), integrate into your auth systems to make it easier for employees to access, get an SLA if something goes wrong, connect to your data auditing systems, etc, etc. Companies have a lot of needs outside of just the core functionality of a product.
kube-system · 1h ago
You might want to understand the politics and business dynamics before you go too far down that route. You could just end up getting your product blocked and/or replaced with a competitor instead.
esafak · 1h ago
"Don't you want them to use it more securely, and with enterprise AI features?"
jagged-chisel · 1h ago
Wait - it’s not secure now? We’ll be banning it immediately!
esafak · 1h ago
"No, it's more secure! We have encryption, which means intermediaries can't snoop, but don't you want to be able to monitor what data goes out?"
etc. There's a laundry list of features enterprises care about, better spelled out in the sibling post.
kube-system · 1h ago
"Well we have Bob from purchasing on the phone and he says we have to put this out for a bid first. And Alice from compliance wants to know, do you have [insert esoteric certification]?"
You really have to know who you are talking to and their motivations before you know what the right sales angle is.
ezekg · 2h ago
I think this is also one of the hidden benefits of commercial open source and similar models: individual adoption grows corporate adoption.
apples_oranges · 1h ago
Clearly, yet many open source contributors just work for free..
ezekg · 1h ago
I specifically said commercial open source, which is different -- one hopefully has a business model and the other does not need/want one. Working on open source outside of a commercial context has never promised compensation, and expecting compensation for it ends in pain.
scarface_74 · 1h ago
Except for that whole every company that tries it ends up either not making money money on it, get Amazoned (where Amazon offers a hosted version and makes money), or ends up seeing the error of their ways and using a more restricted license and still struggles.
ezekg · 53m ago
Agreed. There are better models to commercial open source that align better with business sustainability, like fair source. I was mainly referring to bottom-up adoption, not sustainability.
ta1243 · 36m ago
Amazon already has a relationship with your corporation, it's easy to buy their hosted elastic search
Even if the original elastic company offers it cheaper, or better, that's a massive hill to climb. Corporations don't care about costs, they care about pieces of paper, or less charitably nice dinners with the sales team.
stronglikedan · 2h ago
It why students get so much free software too.
micromacrofoot · 2h ago
this happens all the time at large companies with small teams, plus if there's a security team they hate it so that's always an angle to lean on "hey 400 people are using 12 different slack workspaces, wouldn't it be nice to manage them all from one corporate account?"
So how exactly are open source software stacks supposed to make money if not by withholding enterprise features from the free version?
There’s a reason they all do it, and it’s because SSO is one of the few features enterprises are almost universally willing to pay for.
mooreds · 1h ago
Heya, I work for a commercial auth provider but we provide a free version with unlimited SSO connections. (Details in profile if you are interested.) So I have a bias.
There's a number of ways for open source software stacks to make money, but I agree that finding features that companies with money will pay for is a great one.
I think Patio11 said it once, but SSO feels now like HTTPS felt in 2015. Used to be super expensive, but now should be "table stakes".
Other ways open source companies can make money:
- hosting (offers that sweet sweet recurring revenue)
- support (especially SLAs, which pair nicely with hosting)
- other enterprisey features, such as integrating with enterprisey tools (DataDog, SIEM tools)
- other auth features like fine grained authorization (RBAC, ABAC, PBAC) and provisioning (SCIM)
- control planes (I see this with tools like Cerbos and Permit which both offer fine grained authorization execution engines that are free, but charge for the control plane)
- certifications (SOC2, FIPS, HIPAA, PCI). this might not make sense in all cases, it does depend on the tool
- custom feature development (better if this is pulling forward planned development rather than something unplanned)
It's not easy, though.
I wrote more on my personal blog about freemium[0] and open-source[1] business models.
The problem is there's a huge gap between "We are a small company, and don't care about SSO" and Enterprise.
The company I work for is in the middle - anything where SSO is gated behind "Enterprise" is not even considered by us. We don't need 90% of the other "features" under the Enterprise plans, and most aren't willing to custom quote us for Basic+SSO.
Withhold it from free versions, sure - but definitely don't lock SSO only behind the most expensive option.
closewith · 1h ago
Locking SSO behind the Enterprise option works. Your company is an outlier that can be ignored.
codeflo · 1h ago
Companies of that size are common. It would in isolation even be profitable to serve them. The problem is if you introduce a middle tier that includes SSO, many enterprises will go for that instead of the expensive enterprise tier you want them to buy. Basically, you sacrifice medium companies as customers in order to chase after that sweet enterprise money.
thewebguyd · 1h ago
That makes sense, but I still think there are other features that can be gated behind enterprise to help make sure that doesn't happen while still providing SSO for smaller companies.
You can have user limits on the non-enterprise plans (Microsoft does this, for example, with Business Premium locked at 300 users or less), or gate other features behind enterprise: Have MFA across the board, but lock conditional access behind enterprise, lock more advanced audit logs & reporting behind enterprise, lock RBAC behind enterprise, or data residency, custom security policies, API limits, etc.
There are numerous other features that are non-negotiable for enterprises to help funnel them into the enterprise plan, while still being able to service medium companies with SSO.
MoreQARespect · 18m ago
Companies of that size are served by the "enterprise call a salesperson" offering. If you really don't need all of the other features you can probably negotiate a discount.
thewebguyd · 1h ago
I'd hardly call a business with between 150-300 employees, that cares about SSO but doesn't need the full suite of enterprise features an outlier, I'd imagine that's fairly common nowadays.
Maybe in 2015 it was an outlier, but SSO is now a non-negotiable and with many of these businesses on M365 business premium, which includes EntraID P2, SSO is now accessible to a large number of companies where it wasn't before. It's no longer some niche enterprise only functionality, it's a bare minimum for business SaaS.
tw04 · 1h ago
The fact you’re unwilling to even consider a product with SSO behind the enterprise license is what makes you an outlier, and frankly probably a bad customer.
And if you’re trying to negotiate custom, non standard licensing when you’ve only got 300 employees you will likely be a noisy customer in perpetuity.
No offense, that’s just how I’m betting 99% of folks read your response.
autoexec · 1h ago
withholding enterprise features from free versions isn't the problem, the problem is charging extortionate rates for an important security feature.
> "Decouple your security features from your value-added services...If your SSO support is a 10% price hike, you’re not on this list. But these percentage increases are not maintenance costs, they’re revenue generation because you know your customers have no good options."
ozim · 26m ago
Problem is lots of SSO implementation will be dealing with some arrogant architects claiming you know nothing and their semi broken SAML is something you should implement for them for free - repeat for 100 times for each customer having their own way of breaking the spec or using something crooked.
It is getting better with Entra P2 or Okta as it is couple of minutes to configure if you use good framework in your projects.
But the tax was because of what I wrote about in first place.
ralferoo · 2h ago
Some of these seem iffy. Looking at one at random with a seemingly excessive increase:
Coursera: $399 per u/y -> $49875 per year [7], 12400%
So, I check out the footnote:
[7] Coursera requires a minimum of 125 users to access SSO pricing. As they do not have an Enterprise price listed, this price just scales their lower cost tier up to 125 seats.
Dividing by 125 shows the SSO pricing is $399, so exactly the same as the non-SSO pricing. I fail to see how this is an SSO tax.
It might be that there is an SSO tax as the Enterprise price wasn't available to them, but listing it as 12400% increase seems like a deliberate attempt at deception.
theamk · 1h ago
looks legit to me.
I've used to work in small startup with ~10 people. The owner was always happy to pay for tools to developer productivity. We did not subscribe to Coursera, but in the theoretical case we'd all want to, the pricing would be:
10 users, no SSO: $3999/year
10 users, with SSO: $49875/year
It's an SSO tax, and a super hefty too. We'd probably balk at it and chose the less-secure option instead. And the fact that we'd get extra 116 licenses we had no need for is absolutely irrelevant, there is nothing we can do with it at all.
amelius · 9m ago
Do what big companies do: sell your user!
ecshafer · 1h ago
For enterprises its not usually as simple as sell to the CTO. Some things you need that, if you are AWS or Azure, the CTO and some principle engineer are who you have to convince to move the whole 20k person org over. But for a lot of software its the Line manager or director who is calling the shots, or a division head since division A may use different software than division B.
greenail · 1h ago
This is a bit of a simplification of how enterprise sales works. A few extra dimensions are sometimes required. For "decision makers" their own personal view of reality may not in fact be accurate. You sometimes must vet that what they tell you (and may in fact believe) actually reflects the actual power dynamics of a big enterprise. There are extra dimensions to consider; The first is: are they in a cost center or are they generating revenue. The second is: are you trying to get new technology adopted or is this considered "standardized". The third is: who might perceive your product as a risk, or a threat to their power? These data points inform your sales strategy both in who you sell to, who you avoid, and when you might choose to engage a particular persona, when to go small and when to go big.
doppelgunner · 1h ago
Be a middle man, charge a percentage like tiktok per sale.
Require me to give you my contact information just to download something. Have sales people blow up my phone and/or email and ignore polite brush-offs. Keep reaching out to me periodically with requests to have a meeting about how you product can help me.
I don't have buying power, but I do have bitching power and your product will wind up getting bad-mouthed by the whole team eventually. And when the engineer asks us for recommendations, guess what we tell him?
Lookin' at you, Veeam, AWS, and Keyence.
Also please don't make me sit through a demo just to get a quote. If I want a full demo I'll ask for it, and I need to know pricing first before even considering going any further. I've probably already researched your product, maybe even did a trial if available - I don't need to sit through any number of sales pitches, just give me the numbers.
In this case, corporate management holding the purse strings but their workers (devs) using the actual tools. The solution they offer to founders is to make the user your champion and have them sell your product for you.
"The meta point here is that you're not going to talk to the credit card holder; the user/dev is going to do that for you.
Give them the best possible chance at convincing the leadership. Make them look awesome for even bothering the leadership with a choice like this. Make it obviously awesome for them to decide “yes”. These users/devs are your sales people."
Maybe that works for dev tools with freemium models, but in many industries where this problem arises its just not possible to even get your product in front of the users. Take hospital systems and EHR purchasing where Doctors and Nurses are the users of the EHR day in and day out but it is the hospital administration that ultimately gets to decide which EHR is deployed. How do you get users to be champions of your product if you can't even get it in front of them?
But what about cases where the user isn't directly related to the decision maker? Doubly so when it's a hard to justify purchase? (I.e. you're not selling bread or IBM machines.)
For example, say, a keyless entry fob for a car. The driver benefits immensely. The CTO of Ford may probably not even entertain a meeting ("Huh, what does he think, locks are bad or something?! What's wrong with a secure lock?")
Does anyone have any suggestions for how to approach such a situation if you developed the fob and now want to sell it?
A great example is remote starters. Same idea. Great for the user, not so much for say Ford. The first places I saw these being installed? Stereo shops would use it as a cross selling feature whenever they were selling something else to a customer. I could be wrong, but it took a few years for the manufacturers to start including remote starters as an add-on. Before then, it was all kinds of other shops selling and installing them.
But its a trench warfare type of deal. You have to get into the hands of the people who can install them, then work your way up to approaching dealerships and larger clients.
I've done this with an anti-theft device. Start small, then build your client base and use that as a springboard to get interest from larger clients.
TFA goes:
If your brand doesn't sell on its own, for a top-down sales motion (tfa is about bottom-up & product-led) it is usually c-suites purchasing from friends (network) & family. Folks want to go to Harvard/Wharton/GSB for a reason.It sounds like a trivial question to answer, but it just exposes the level of detachment that exists between who makes the purchase decisions and its users in SME context.
etc. There's a laundry list of features enterprises care about, better spelled out in the sibling post.
You really have to know who you are talking to and their motivations before you know what the right sales angle is.
Even if the original elastic company offers it cheaper, or better, that's a massive hill to climb. Corporations don't care about costs, they care about pieces of paper, or less charitably nice dinners with the sales team.
There’s a reason they all do it, and it’s because SSO is one of the few features enterprises are almost universally willing to pay for.
There's a number of ways for open source software stacks to make money, but I agree that finding features that companies with money will pay for is a great one.
I think Patio11 said it once, but SSO feels now like HTTPS felt in 2015. Used to be super expensive, but now should be "table stakes".
Other ways open source companies can make money:
- hosting (offers that sweet sweet recurring revenue)
- support (especially SLAs, which pair nicely with hosting)
- other enterprisey features, such as integrating with enterprisey tools (DataDog, SIEM tools)
- other auth features like fine grained authorization (RBAC, ABAC, PBAC) and provisioning (SCIM)
- control planes (I see this with tools like Cerbos and Permit which both offer fine grained authorization execution engines that are free, but charge for the control plane)
- certifications (SOC2, FIPS, HIPAA, PCI). this might not make sense in all cases, it does depend on the tool
- custom feature development (better if this is pulling forward planned development rather than something unplanned)
It's not easy, though.
I wrote more on my personal blog about freemium[0] and open-source[1] business models.
0: https://www.mooreds.com/wordpress/archives/3621
1: https://www.mooreds.com/wordpress/archives/3438
The company I work for is in the middle - anything where SSO is gated behind "Enterprise" is not even considered by us. We don't need 90% of the other "features" under the Enterprise plans, and most aren't willing to custom quote us for Basic+SSO.
Withhold it from free versions, sure - but definitely don't lock SSO only behind the most expensive option.
You can have user limits on the non-enterprise plans (Microsoft does this, for example, with Business Premium locked at 300 users or less), or gate other features behind enterprise: Have MFA across the board, but lock conditional access behind enterprise, lock more advanced audit logs & reporting behind enterprise, lock RBAC behind enterprise, or data residency, custom security policies, API limits, etc.
There are numerous other features that are non-negotiable for enterprises to help funnel them into the enterprise plan, while still being able to service medium companies with SSO.
Maybe in 2015 it was an outlier, but SSO is now a non-negotiable and with many of these businesses on M365 business premium, which includes EntraID P2, SSO is now accessible to a large number of companies where it wasn't before. It's no longer some niche enterprise only functionality, it's a bare minimum for business SaaS.
And if you’re trying to negotiate custom, non standard licensing when you’ve only got 300 employees you will likely be a noisy customer in perpetuity.
No offense, that’s just how I’m betting 99% of folks read your response.
> "Decouple your security features from your value-added services...If your SSO support is a 10% price hike, you’re not on this list. But these percentage increases are not maintenance costs, they’re revenue generation because you know your customers have no good options."
It is getting better with Entra P2 or Okta as it is couple of minutes to configure if you use good framework in your projects.
But the tax was because of what I wrote about in first place.
Coursera: $399 per u/y -> $49875 per year [7], 12400%
So, I check out the footnote:
[7] Coursera requires a minimum of 125 users to access SSO pricing. As they do not have an Enterprise price listed, this price just scales their lower cost tier up to 125 seats.
Dividing by 125 shows the SSO pricing is $399, so exactly the same as the non-SSO pricing. I fail to see how this is an SSO tax.
It might be that there is an SSO tax as the Enterprise price wasn't available to them, but listing it as 12400% increase seems like a deliberate attempt at deception.
I've used to work in small startup with ~10 people. The owner was always happy to pay for tools to developer productivity. We did not subscribe to Coursera, but in the theoretical case we'd all want to, the pricing would be:
10 users, no SSO: $3999/year
10 users, with SSO: $49875/year
It's an SSO tax, and a super hefty too. We'd probably balk at it and chose the less-secure option instead. And the fact that we'd get extra 116 licenses we had no need for is absolutely irrelevant, there is nothing we can do with it at all.