When Alex and I announced the founding of YeshID, we said:
Start-ups and small and medium businesses that dream of moving quickly and keeping expenses down, turn to cloud services. They happily swipe credit cards to license tools that amplify staff skills.
That’s the market we decided to serve, and that’s us: a startup that dreams of moving quickly and keeping expenses down. (And being successful, of course.)
We have been moving quickly
Like many other startups, we registered our domain and chose Google Workspace for its suite of office tools. And we planned to use it for identity management–until we built YeshID.
We felt we were in business when we started sending emails with our @yeshID email addresses and using them to sign up for the web services that helped us get started. Yes, there was the small matter of closing our first financing round. But we finished all the details with our shiny new identities. We put up a website and, on July 25th, made our announcement.
Two weeks later, I came up for air and discovered that I’d signed into nearly fifty cloud services: 24 with my YeshID Google account and the rest with my @YeshID email. Alex signed up for some of them and the additional services he needed to support development. When David Cornell joined us as our first engineer, we had to provision him, and as he started building and exploring, he signed up for applications that would help him move faster.
How many applications had we signed up for across the entire organization? Were we using the most cost-effective versions of each? What would be new when the next person came on board?
Help! We needed the product we had set out to build. It’s a good thing we are living the problem.
We’ve been keeping expenses down
Even though we signed up with all those web services, we used the free tiers for most and the lower tiers for others. Google Workspace’s lowest tier, “Business Starter,” gave us office tools and support for SSO in both directions. We used Google as an Identity Provider (IdP) and could have used it to sign into other tools that support SSO.
But here comes the problem. Again from our announcement post:
SaaS packages that include support for multifactor authentication (MFA) and single sign-on (SSO) cost more. They’re usually called “enterprise packages.” They’re priced for companies with plenty of cash, not lean companies with small budgets (check out: the SSO Wall of Shame).
We started with the apps we know and need
We picked Google Workspace because we needed basic business tools and because both Alex and I were familiar with it. Other startups choose Office 360 for the same reason. Other services might be as good and less expensive, but at $6/user/month for Business Basic, we’d lose the time spent choosing and never make it back in savings.
Zoom was an easy choice as a Video Chat service. We’d both used it in our previous jobs. It’s reliable and familiar. Their free plan, with unlimited 40-minute meetings, might be OK when there’s nobody here but us founders, but for business activity, you need at least the Pro plan.
At $149.00 per user (just the two of us), it’s pretty affordable. But, whoops! No Single Sign-on (SSO). No problem. The upgrade to Business isn’t that bad. Another 50 bucks take us to. $199/user. Yes, it’s 25% more, but not terrible for SSO. But…wait! What’s the fine print say?
*Starting at 10 licenses for $1,900 a year
To get SSO for the founding team, YeshID would have to go from $300 a year to nearly $2,000.
As we said in our announcement post:
Admins duct tape workarounds. Users sit in a hodgepodge of authentication methods (password, OAuth, SAML). Which one they use depends on the application. Irritation follows.
Yep, that’s us.
We are a small, fast-moving company
A small, fast-moving company can take the easy and low-cost route. Like others, we can sign in with our Google credentials when that’s an option and with our email addresses when it’s not. And with SSO, when it’s not too difficult to configure (hint: it’s a pain) and when it doesn’t cost too much extra (hint: it usually does.) But why not full visibility and security from day one? That’s easy to use? At a reasonable cost? For everyone?
Our first few weeks of operation have shown us what the people we interviewed had told us: Identity and Access Management is a (somehow still unsolved) problem!
We know some companies address some of these problems and provide partial solutions, but from talking to customer companies using those solutions, we know there are still big gaps. And that is what we focus on: Identity and Access Management that’s fully functional and dead simple.
We’d love to hear how you’re dealing with identity and SaaS costs! Share your tips and tricks here.