The Power of Standards and The Momentum of SAML

January 28th, 2015   /     /   Smarter Identity

When we started OneLogin back in 2009, our application was primarily a glorified password manager in the cloud. The SAML single sign-on standard that completely eliminates passwords wasn’t widely adopted among cloud vendors. A few vendors like Google and Salesforce had gotten it right and allowed users to configure SAML themselves via their user interface.

However, most of the other applications we looked at; Box, Concur, Cornerstone OnDemand, SuccessFactors, WebEx, Yammer, just to mention a few, required the customer to get in touch with their professional services team and have them configure it, often for a $2,000-10,000 fee. This seemed so backwards to us. Why would you charge for a feature that drives adoption of your application and makes customers more comfortable having their data stored in the cloud?

We quickly realized that our own success as an identity provider was dependent upon the widespread adoption of SAML and we decided to start evangelizing the standard. In order to do that we needed a compelling message to take to the cloud vendors. After a bit of research, we discovered that most of the vendors that supported SAML had done so by licensing technology from another identity provider who charged them exorbitant royalty fees per customer. And still do to this date.

Just like most other new cloud vendors at the time, our product was based entirely on open source technology and we concluded that this was that way to go. Of course, growing adoption of SAML would also benefit our competitors to some extent, but it was our firm belief that it was the right to do, because standards are a rising tide that lifts all boats.

Over the next year we published SAML toolkits for all the major web languages and started promoting them to the dozens of cloud vendors we talked to every month. It was a hard sell at first and we didn’t get much traction. Mostly because younger cloud startups didn’t hear this requirement from their prospects, which were typically smaller and unfamiliar with SAML.

Nonetheless, we kept adding connectors for more established vendors that supported SAML and then something interesting started to happen. Our larger customers who were familiar with SAML and used it with their more established cloud vendors, started to ask about SAML support from their younger cloud vendors. OneLogin then became the middleman that used the customer as leverage to get the vendor to implement SAML and slowly but surely we started getting momentum with our toolkits.

The rate at which enterprise cloud vendors launch seem to continue to accelerate. And now SAML has become a must-have for new cloud vendors very quickly after initial product launch. We still get dozens of requests every month from new vendors and the trend seems to be accelerating.

The chart at the top of this post shows the total number of SAML-enabled apps in OneLogin’s catalog year over year. Last year alone, close to 400 cloud vendors decided to implement SAML and most of them used OneLogin’s free toolkits. This is a mind-blowing number and a testament to the power of standards.

Standards build ecosystems, prevent vendor lock-in and stimulate innovation. And in this case, OneLogin is a driving force in making the cloud a safer place for everyone.

About the Author

Thomas Pedersen, founder and CEO of Onelogin, has more than 15 years of experience in building and selling carrier-grade billing systems for phone companies, initially at Cisco-backed Digiquant in Denmark and later at Intec Telecom Systems in the US. After having helped Zendesk grow to 5,000 customers as VP Business Development, he is now laser-focused on making OneLogin the most widely deployed identity management solution in the cloud.

View all posts by Thomas Pedersen