Ask HN: What happens when I click "request for quote" on your SaaS? How do you come up with the pricing that is offered to me on your enterprise plan? |
Ask HN: What happens when I click "request for quote" on your SaaS? How do you come up with the pricing that is offered to me on your enterprise plan? |
1. It gets added to a list of marketing website leads, which is owned by SDRs/BDRs who are there to filter and qualify leads. These are usually early-career people, with a base salary + quota for qualifying leads. The website is many times their least preferred channel of leads due to the quality, but they can't ignore it because sometimes good customers do come through there.
2. The SDR will either work over email or on a call; their goal is to identify if you're a real potential customer (vs shopping for prices, vs confused about what we sell), write up notes, and identify which customer segment you belong to (geography + business type + business size).
3. You will then speak to a salesperson (with varying titles "Account Executive", "Sales Director", "Regional VP of Enterprise Sales", or whatever inflated title makes sense for that sales organization). Their goal is to confirm they're speaking to the right person in your organization (or wasting their time), if your use case is meaningful enough for the "enterprise plan" (they can't sign too small deals), what your budget is, what your usage will be like, etc.
4. Pricing could be made up by guessing your price point, but it's rare. It is difficult to consistently make up pricing that works over time and doesn't have many lowball deals that harm the company's revenue long-term, and salespeople often don't understand the technical details well enough to make things up that make sense. Usually, there will be a pricing framework and an internal calculator (very often, a spreadsheet with formulae and VLOOKUPs) that will give them a range. They can then choose what number within that range to offer, based on who they think you are and how far off they are from their quarterly quota.
5. They can then negotiate the number, or the included features, or the payment terms (upfront payment, multi-year contract, exit clauses, etc.) which can be translated into discounts if they're favorable to the seller.
If a VP clicks on the button, that's a different story.
Enterprise pays more due to volume , but generally pay less on a per user or whatever the unit that constitutes the seas is
No, you can get idiots who are trying to sell you crap, random confused job seekers (who may or may not also be spammers), etc.
1. Someone who wants only one feature that's not in self-service but doesn't have the budget to pay more. 2. Someone willing to pay more but not enough more. 3. Someone who's just trying to compare prices between vendors but isn't a serious buyer (especially when not an existing customer). 4. Various non-obvious spam (affiliate resellers, etc.). 5. Someone who's interested but can't get a sale to happen given their role: has no budget and their manager doesn't have budget, has no authority on technical decisions. 6. Someone who's only curious. 7. Etc. etc. etc.
The level of effort required to press that button is very low, so it isn't that great of a filter. Again, they take those calls because the lack of filtering doesn't mean it's never a quality lead.
“I am a jerk trying to annoy you”
“I am a bot scraping your web site”
“The people setting up the website are incompetent and a blank entry was just added to the database”
“I am a dishonest salesperson with a harebrained scheme to pad my metrics”
I do think we just found the poster who has not worked in sales, though. Please, be sure to count your blessings!
... what?
At my company, we sell deals between $25k and $1.2m/y. You obviously get very different salespeople taking those calls.
Super junior salespeople promoted from SDRs train on the $25k-$40k; most salespeople handle midmarket deals up to maybe $200k; and the very best salespeople get the enterprise leads.
Then depending how formal the customer is the reply can be a text email with a quote, a formal quote that looks almost like an invoice (PDF), or even a 10 page draft document for further discussion.
This might sound like a lot of extra work, something that can't easily be automated, but those companies are used to long sales processes. The product manager needs to liaison with their legal department, then with their accounting department. "Request for quote" and "contact sales" are essentially the same.
It's in the launch HN instructions we give YC founders, which are here if anyone wants to see them: https://news.ycombinator.com/yli.html. All the advice is valid for HN generally, though the logistical aspects are specific to YC.
Edit: I even keep a list of examples to scare people:
https://news.ycombinator.com/item?id=40237070 (May 2024)
https://news.ycombinator.com/item?id=40170609 (April 2024)
https://news.ycombinator.com/item?id=39787870 (March 2024)
https://news.ycombinator.com/item?id=39513573 (Feb 2024)
https://news.ycombinator.com/item?id=31840885 (June 2022)
https://news.ycombinator.com/item?id=31659066 (June 2022)
https://news.ycombinator.com/item?id=31655259 (June 2022)
https://news.ycombinator.com/item?id=30630736 (March 2022)
https://news.ycombinator.com/item?id=29554111 (Dec 2021)
https://news.ycombinator.com/item?id=29552753 (Dec 2021)
* Since we sell mainly to Enterprise they all have procurement people who get measured on how much money they save - with some getting crazy bonuses if they can "save" 50%. So we needed to keep the price inflated by 50% until it gets to them so they can "twist our arm" down to the real price to show their value.
* And if a procurement person can get that 50% off our competitor such that the deal with them makes them look better they'll pick them instead.
* And when we used to put that 2X the real price price on our website some people wouldn't know to twist our arm for the discount and instead just thought we were too expensive. It was also abused by our competitors who were all "Contact Us" to make out they were cheaper than us without giving us the chance to compete.
So instead we do this stupid dance that I hate where we can't even tell the real price to the people in the early meetings (keeping that for procurement at the end of the process) - and we have to do all this fishing to find out who else they are looking at and what their price is that we have to beat before giving them our price. The entire purpose of our Sales Execs is to do this dance to decide whether to give a price and which price they tell to various people at the various stages as far as I can tell - though they actually are pretty good at it...
I came from Amazon where the price was public as were the mechanisms to lower it through various types of commitment so I found the whole thing ridiculous. I have since learned that everybody does it this way and this seems to be the reason. I argued "maybe if we are the one who doesn't in our space then we'll get more business for being the easiest one to deal with?" but I was assured that was not the case and it would just mean procurement people would want 50% off our best price instead...
Our pricing is in general based on a "fixed" monthly per-module price plus max-simultaneous-users price, and then a usage based per-transaction price element in addition.
The "fixed" cost can be somewhat different, typically it's a bit lower for smaller customers which also takes into account smaller customers typically have fewer custom integration needs (ie less custom maintenance/support).
The transaction pricing has a volume discount "ladder" with many steps. So smaller customers pays a lot more per transaction than larger customers. The transaction-based "price ladder" is otherwise quite fixed between customers.
This transaction-based element allows us to have reasonable overall prices for small as well as large, as it scales with our customers' activity. If they have a good month they pay more but also have more income.
This model is used for all our customers, from single-employee shops to the largest ones we have (many hundreds of simultaneous users). Our CEO has been clear he doesn't want to be cheapest, but deliver a superior product that justifies the price.
In the 10 years I've been here we've gone from #5 of a group of vendors to a dominating position. I think our pricing model has been one of the factors that has facilitated this.
Year 1 - Form posts into slack. Someone calls you and reads the price off a pdf.
Year 2 or 3 - form posts into CRM. Someone calls you and reads the price off a pdf.
Year 4+ - form posts into CRM. Someone calls you and maybe enters some details into a Google sheet.
Think very hard before using something not upfront about pricing.
It's not extortion. A good salesperson is looking for a good customer that actually needs the product. They want to make sure that the product is a good fit for the customer. Selling to a business that doesn't need the product is not only a waste of time, but it actually costs the business, as the customer will quickly cancel and all the work the account executive put in to learning the business ends up in a net loss
I had one large, famous call center vendor who were running on a monolithic Java backend in their own data center, with a six-week implementation time for a completely vanilla configuration, and for which the simplest change required a professional services engagement. There is no technical reason the entire thing couldn’t have been done with self-service signup and configuration, and indeed that’s how their smaller, younger competitors do it.
The pricing will be basically the same rate for everyone, with discounts based on actual scale, but there will be a minimum commitment which will be calculated to be substantially less than your likely bill -- this is to encourage you to actually start using the service, rather than sitting on it for another year while you wonder if the conversion will be worth the trouble.
(It is. Clients love us after they actually start using us. One of our big sales drivers is employees of clients going to work at other companies and noting how much worse things are without us.)
Then the client will have due diligence and security questionaires and want to negotiate some fine details of the contract. Will they require special setup services? More or less training than usual? Sometimes this will require a one-time fee.
you'll get a list price (the price that the company needs to sell at with lots of margin added on top), and, depending on how serious you are and your actual needs, you'll get a "real" price after a sales person/sales engineer qualifies you.
there are a million ways big-money SaaS licenses can be discounted, but it always depends on the buyer, the relationship, how "sticky" they'll be (i.e. will they use it for a year and bounce, or could they be a multi-year loyal customer), sales targets and how much other stuff they might purchase.
also, like a previous poster said earlier, there are lots and lots and LOTS of ways that enterprise software can be purchased. "request for quote" sales flows covers that.
SaaS companies do this because so much of B2B pricing is a function of value and willingness to pay for that value.
SOC2 reports, SLA monitoring dashboards, 5% annual increase limits, they can put literally anything as a requirement.
Once I was cooling my heels in the lobby of Oracle and, looking around realized I’d had a stupid brain fart. So I opened my laptop and doubled the price of every line item in the quote (felt very high tech in ~1994). They complained about the cost, but paid. They would have complained about the original quote: complaining about the cost is the first step of negotiation.
I’m surprised there isn’t a service that takes the requestor’s email address (if it’s something generic like @gmail.com, DWIM-searches LinkedIn), looks them up in an in-house proprietary database, and sends you a score (a multiplier).
Someone should start that — it’s probably a quick flip to Experian.
We'll walk through the problem you're facing that lead you to fill out the meeting form, and you'll either get a solution that day, or it'll be built rapidly.
I started with an "unlimited" plan and very quickly realised this attracts pathological customers for whom $199/mo for unlimited resources is a steal. So now I charge incrementally per resource used (uptime checks, status pages).
I’m guessing you want someone to reach out to you for a video call where they can tell you whether the product works with your Identity Provider, follows your security standards, and has a human who you can negotiate with set starting price per license/head/unit.
What do you put on a features/pricing page to help you start finding out what your enterprise customers might actually want? (Not the generic stuff like SSO and audits, but specific to your product/market).
Just a generic "Don't see the features you need? Email us!"?
When you submit the contact us form I receive a message via Matrix on Element. I also receive an email and the submission is recorded in postgres.
Depending on the request details, I may reach out to you immediately or put you on my task list for 24-48 hours to handle.
I don't sell or do anything with the data. I'm the only person that sees it.
Maybe you are shopping on price.
Maybe you are seeking bespoke services.
In other words, it’s rare to have a huge variation of costs given to customers for the same product, even if they are higher or lower for certain customers.
"Request a quote" is a sign to me that the company is dishonest, with high pressure sales tactics, toxic incentives, and a culture of maximizing profit over providing quality service. I've never seen a counter-example of an awesome, high performing company I loved working with, who went the extra mile, use "Request a quote" or similar tactics.
"Request a quote" is a corporate version of a street busker con, with them needing to get up close and personal, to shuffle the numbers and dazzle you with "here's what we are willing to do, just for you!" as their hand slides into your pocket.
There are always better options that somehow manage to be honest, clear, and upfront with pricing. If a company is hiding the price, it's to get away with something that you'd call out as sketchy if you knew all the information in advance. Even if it's only to force an interaction with a skilled sales agent, it's a despicable tactic.
Pricing is usually the same only scaled higher. We have an Excel spreadsheet that's an extension of the public pricing page. Then we look if something is complicating the contract (but we might only insist on minimum contract length, not higher price) or making it easier (they need less features which actually cost us less money and we can give discounts).
That's for an established SaaS. I assume any new SaaS only few months old will just make prices up on-the-fly (we did!).
I get that it's for differentiation between plans, but as a customer it feels weird to walk into this pricing black hole just for SSO. Maybe you have some experience with that?
Some customers use Okta; great! But some of those customers have Okta configured in ways that don't work with your auth service. Some customers use Okta as a downstream to their _actual_ IdP, which could be Keycloak (a million different ways to configure that) or, god forbid, some custom thing they wrote. You've gotta support that.
Some customers (the ones that will pay the REALLY big bucks) use Active Directory Federated Services and SAML-based auth. SAML is XML/SOAP. Gigantic pain. Gotta support it.
Some customers want LDAP/LDAP-S based auth. Gotta support that.
Given all this, it makes much more financial sense to lock that behind customers who are willing to pay the big dollars for enterprise-y features AND support instead of dealing with infinitely long support tickets.
[0] There is no such thing as a happy OAuth2 flow.
Offering SSO as part of an enterprise SKU offering implies there is a high-touch relationship out of the gate, and that there is a higher chance of success and adoption, including getting SSO set up right.
Furthermore many large behemoth corporations have strange SSO configurations and it's not unusual to require bespoke configuration let alone debugging time.
"Price discrimination" is a pricing strategy where very similar products are sold at different prices in different market segments.
Imagine you've invented an amazing silver bullet that makes software developers 30% more productive.
For the likes of Google who pay developers $200k/year, getting 30% more productivity would be a great deal even if you were charging them $10k per user per year, because that productivity boost is worth $60k.
For unpaid students, casual users, open source projects and cash-strapped micro-businesses - a 30% improvement in $0 is still $0 so they can't afford much. Maybe $50/user/year, and they'll still complain like hell about it. But it'll help your tool spread and build word-of-mouth.
So how do you price your product - $50 or $10,000?
With "price discrimination" you can do both. Offer a cheap tier for home users and micro-businesses, and an enterprise tier with features Google desperately wants, at a much higher price.
By having prospective customers call for pricing, your sales folk can research each customer and figures out whether they're the kind of place that pays their developers $200k/year or more like $30k/year - allowing them to figure out how much the product is worth to that particular customer.
Unpopular opinion - you may like to call it an SSO tax, but I think it's perfectly reasonable from both sides. The reality is - if you're a 10 person startup and the "SSO tax" is annoying, then simply don't do the SSO version...you have 10 people in your company, you can get them all to use a password manager with MFA. If you're worried about security then fine, don't you think it's worth paying a little more?
If people's issue with the "SSO tax" is that the SaaS software provider is making incremental money for very little effort/investment, then I would love to explain how the economics of most SaaS tenancy models work with regards to infrastructure spend...
> be honest, clear, and upfront with pricing
I have seen SaaS sales where the prospect (not the vendor) required contracts to be executed prior to determining requirements. This involved legal on both sides to be involved. Once the trial was started, the prospect required many changes to the app, API, data model, and other fundamental aspects of the SaaS.
In order to account for this, what number would you put on the website's pricing page?
Plan M: $$
Plan L: $$$
Custom: Call +1 555 1234 5678
Thing is, while we might be able to provide a "sticker price" on our webpage that would fit the smallest customers, it wouldn't for anyone larger.
For example, our product has a lot of modules (over 20), and you pay per module. Unless you've worked with our product before, you have little to no idea which modules you need. Best is to give us a call, explain your daily operation and we can then tell you which modules you need and give you some options on which modules you might benefit from additionally.
Anyone but the smallest customers also has some integration. Largest ones have a lot. Do you require a custom integration or can you use our standard integrations? It doesn't help that you run say SAP on your other system, as no two SAPs are the same. Perhaps our standard integration can cover your needs, perhaps not. Similar for a lot of other systems we integrate with.
We have tons of small customers, including many single-employee shops, up to the biggest fish in our pond. There's some variation in pricing between customers through negotiation, but not a lot. It's just that customers have quite varied needs.
I bet those companies also have a "request a quote" process for their enterprise customers, who do not pay the public prices, you just don't see it.
Why aren't companies honest and upfront about this? Sometimes they are. Slack, for example (https://app.slack.com/plans/T02EPKPG3) is pretty straightforward: you can pay $7.25 if you're a normie company, $12.50 if you have more advanced needs, or you can request a quote if you're a giant enterprise who's going to be expensive to support. The risk is that a company which really ought to be in the "request a quote" tier ends up in a lower one and then has mismatched expectations. I've seen one case where a sticker-price-tier customer was absolutely outraged that nobody would set up a call with engineering for him.
Sometimes the cost of an offer is not linear with some metric or easily predictable.
And sometimes the offering company is not Salesforce and just does not have resources or existing similar customers to model price adequately
So whenever a site has hidden the pricing, I'll submit a few requests to make sure it costs them just as much time as it cost me.
LDAP is harder, but IMO you dont need it unless you operate in a very specific industry.
OP is specifically saying this is always a scammy sales tactic. I am asking for a way to arrive at a scalar $ value to put on the website to avoid this tactic of "talking to the customer to determine the price."
The only possible way I can imagine someone with the title "VP" going to a vendor's website and clicking a "get quote" button to get a sales call at a random time from some junior salesperson is if we're talking about one of those companies where they give inflated titles and anyone who isn't an intern is a VP-of-something-or-other.
Which predictably often lead to vendors losing out because their sales people ghosted team leads.
That's egregious.
If you start with a list of every SaaS company, and then delete 10% of them at random, you probably have a good approximation of the offenders though.
As it should be. Enterprises are notoriously difficult to support because the decision makers there believe their size allows to them to dictate to the seller anything and everything, including the seller's product roadmap.
Enterprise much more expensive and filled with features you can't even buy as addons in the lower tiers. An E5 license is sometimes almost three times more expensive than the self service license, but includes all the crap Microsoft can stuff in the license in return (some of it useful, like P2 AAD, MDM etc).
Or, it's someone who the SaaS vendor forced to click that button by putting OIDC ("Sign in with..." or "Continue with...") behind that, using "SSO" as a price discriminator.
> For organizations with more than a handful of employees, this feature is critical for IT and Security teams (...) In short: SSO is a core security requirement for any company with more than five employees.
No, it isn't. They'd like it very much, but the SSO tax is proof positive that this is not a truly critical feature for small customers. In fact, it pretty much measures at which point it becomes critical.
But even assuming updated systems, how could you give an accurate quote without understanding the customer's needs? Make someone fill out a big form providing estimates of their usage? Now you're just putting the customer on the hook for generating the quote. The sales rep can translate their requirements into an accurate quote without putting the burden on the customer to understand the product more than they need to. Also, the customer may need the quote to land a contract.
The complexity of the software's pricing is a reflection of the complexity of the customer's needs.
Actually, AWS has a call center offering, and look! Self-service activation, usage pricing right there on the page, even a free tier to try it with — or of course you can contact sales if you want to. How do they do this? Their technology isn’t from the early 2000s.
(And giving a customer a quote so they don’t have to understand the product? That just sounds like a bad idea all around…)
That's good for you. Your very specific example is one that seems to worked out for you in your very specific case. My point is that sometimes usage isn't so easily measurable and is multi-variate. You might not be able to calculate the cost with simple multiplication, especially when there's many SKUs. Say you offer 100x services, but the customer only needs 10 of them. Are they going to look through the list of your 100 offerings, mapping their requirements to what you offer and hoping the math works out? Probably not. It's way easier to talk to an expert at the company and understand if the product is a good fit and get a proper quote. A good sales meeting saves both sides so much time and money.
> And giving a customer a quote so they don’t have to understand the product? That just sounds like a bad idea all around…
You've fallen into the classic HN trap of assuming that everyone that uses software is also a software developer. Sometimes, you're selling to the HR rep or a CxO. They don't have to understand the implementation details of the product to understand whether it meets their needs and if it is a good investment. If you have to go deep into API calls while explaining the price, you're going to lose the sale.
But "Sign in with..." or "Continue with..." M365 and Google gets you almost all SMB, and with Apple gets you individuals who spend money.
Add a domain check and you have the quick and dirty equivalent of SAML SSO without any touch at all.
People are currently implementing a simple self-service for common SAML and OIDC providers, like O365 and such. This will be free and recommended for all customers to use, because I believe in providing actual security for our customers.
And then you can order a consulting project on top to figure out a good way to import user groups, user identities and such into the platform, and ideally to integrate our preferred group structures with a customers existing approval and group structures. This also includes help to initially connect us to the IDP. This is priced at a relatively cheap consultant level.
And then there is a second tier of consulting projects if the customer is using a non-standard IDP and can't do it on their own. Like, we have one customer that has an in-house developed SAML provider, but the original people who worked on it aren't there anymore. That was an interesting project and I learned way more stuff about SAML than I ever wanted, and also fixed a bug in their SAML provider code. This is priced right between "subject matter experts" and "no".
That's what I consider a very fair split. Simple SSO for everyone, especially on standard providers. And if you want to save a day or two of your identity and authentication teams, you can hand us some cash to do so. Smaller customers generally won't need this, they usually just have 1-2 groups they want to push and that's easy to do, but large customers with complex directories and many users in different departments like these projects a lot.
But it's silly paying more than a FTE's salary just for the SSO tax when you've got 5 people.
OP is specifically saying this is a scummy pressure sales tactic. I am asking for a specific number to put there instead, in the interest of transparency.
Every service that puts SSO in an enterprise tier is a security risk and shouldn't be touched with a 10 foot pole.
Go ahead and put Kerberos and SAML and maybe even LDAP SSO in Enterprise tier, but if you put OIDC in enterprise tier, you're responsible when your customers will get inevitably hacked.
Usually it's because too much is hidden.
Not a SAS, but I once tapped an ad for redoing my shower. No prices, no way to know even approximately what it should cost.
I wanted more information, but I didn't want a phone call. I filled out the form asking for some high-level information on pricing, and that I didn't want a phone call.
Needless to say, the rep never responded to my inquiry.
But, put yourself in my situation: I don't want calls at random times of the day that are convenient to a salesman. I want to talk on the phone at a time that's convenient to ME, and only if I know the (ballpark) range of what you're selling costs. If a new shower costs $5k, and I won't be in a position to spend that for 18 months, I want to know that I should pick up the phone then, not now.
But low lead quality persists no matter what you do. It's just reality that lots and lots of people will request demos with zero buying intent. Sometimes people are just bored? Sometimes people are scamming? Sometimes people confuse you with a company that has a similar name (e.g. CSC [1] vs. CSC [2]). You'd be shocked how much traffic a SaaS company can get after some random government agency halfway across the world with a vaguely similar name appears in the local news.
It's actually a remarkable amount of work to take a list of N "high-intent" inbound leads, filter out the garbage, and get your ICPs on the phone.
[1] https://www.cscglobal.com/ [2] https://en.wikipedia.org/wiki/Computer_Sciences_Corporation
No. It's. Not.
You get crap inbound because the process is frictionless.
> I wanted more information, but I didn't want a phone call. I filled out the form asking for some high-level information on pricing, and that I didn't want a phone call.
Needless to say, the rep never responded to my inquiry.
But, put yourself in my situation: I don't want calls at random times of the day that are convenient to a salesman. I want to talk on the phone at a time that's convenient to ME, and only if I know the (ballpark) range of what you're selling costs. If a new shower costs $5k, and I won't be in a position to spend that for 18 months, I want to know that I should pick up the phone then, not now.
I feel you. I really do. I've been in this position before. But until you operate a business at scale and see what absolute utter crap comes through the door, only then will you really understand what's behind the scenes.
Maybe if transparent pricing were posted, some people would choose not to submit, but it won’t stop all the crap from coming in.
You either:
1. Pay sales people to construct custom slices of services with custom prices and force them and your customers to hash it out via communication.
or
2. Commit to choose-your-own-adventure offerings where customers just check boxes and see pricing change in real time.
Option 1 retains negotiation advantage and makes more money for the company even though they pay sales people.
Option 2 removes sales people and gives up negotiation advantage, which customers would love.
Saying that, in the option 1 scenario, "crap" comes through the door because the process is frictionless is like saying a person died of suffocation instead of that they were strangled in a domestic dispute: there's a lot more going on.
Internet aside, it seems like those filter roles are much less likely to exist these days. Either you get someone who has no idea what's worth filtering, or you have to try to communicate with the expert directly and burn their time figuring out who's worth following up with.
It's not my fault I'm a "low quality lead" because you didn't put any pricing on your SaaS page and your price point is way outside what I'm willing to pay.
> Treat your customers as shit etc.
They aren't your customers unless they start paying you. That's the point.
Websites that put a cart online with a checkout process manage to get "customers" just fine. If you think you want to give everyone a custom quote then don't complain when people ask for one.
I could list several big SaaS names where you always seem to end up in the same place: SSO is bundled with a bunch of other stuff you don’t need; at renewal time user counts always ratchet up, regardless of actual active users; increases in unit price of things you do need are “compensated” with “discounts” on things you don’t need or calculated off a nonexistent price that was never an option in the first place.
It has nothing to do with selling me what I need. If I ask if it can do what I need, frankly much of the time the answer is a lie, or close to it. Or the answer is “we don’t know, but sign the contract and we’re sure Professional Services can take care of it for you”.
Yes, if you actually want to use the APIs it’s even more of a disaster, but that’s not what I’m talking about.
When your business is a reasonable size, you'd be surprised what kind of service you receive.
> If I ask... the answer is a lie.
Which company actually did this to you? If that happened, it would be a breach of contract.
At this point you've said some things that lead me to believe that you haven't actually had any experience whatsoever working out a contract with a SaaS account executive, so I'm going to respectfully back out of this thread.
I’ve gone through a few “migrations to SSO” after years of non-SSO with customers in the past and it’s a fucking expensive nightmare.
This is incorrect.
Don’t get me started on the services that have their own smart ideas on what constitutes a safe password. Max 8 characters with no repeated letters and of which 4 must be an emoji, with automatic logout every 12 minutes. Yes those still exist.
Password policies are things you want control over in your IdP to avoid all this BS. SSO really should be standard.
Storing ClientID and ClientSecret for OpenID, or some keys for SAML per customer is much easier, and a lot less risky.
After all, I'm in the business of solving (insert SaaS problem), not in the business of solving authentication.
It's a bunch of handwaving to try to get price discrimination for a "how the Internet is supposed to work" standard everyone, even a single dev client of the SaaS, should be using.
And that the SaaS provider should be pushing so they don't have the liability of subscriber credential database protection ...
Having assessed 600+ software companies (many of which are 5-50 employees), I'd say about half of them use MFA consistently across their business. And it's not a budgetary issue, but more of a logistic/IT/prioritization one.
This is literally not the case. The pricing is nowhere near 50x - in fact if you negotiate the rates are only marginally higher than the tier below it.
FWIW - the sentiment I get here is that the gripe isn't necessarily the pricing (you notice how no one has quoted specific increases?) but that they have to pick up the phone to talk to someone for what they believe to be such a small feature.
> There are many 100 person scale ups that are pre-profit for who the hassle of managing separate accounts for X SaaS tools for 100+ people
So you're telling me that a company is complaining that they have to pay extra money for features that reduce their administrative burden and limit their risk, thereby costing them less money? Explain that one to me...
> There are many 100 person scale ups that are pre-profit
Also, put yourself in the seat of the owner of a software provider, would you rather win the sales opportunities of 10,000s of businesses that aren't pre-profit or the hundreds of businesses that match your criteria? I know who I'd be marketing to...
Yet the customers still paid, so it was worth for them.
Unfortunately, a need for SSO is about the only reliable way to gouge a large corporation. As a small fish you may like SSO, want SSO, you may even think you need SSO, but you really can get by without just fine. You're small - you can get around the requirements, or pivot, or whatever. A corporation is big and slow and can easily get themselves into a situation where not adding SSO will become a blocker for deals denominated in double-triple digit millions, but abandoning your product or the whole business segment will cost similar amount of money. In that situation, the vendor can have a field day milking the cash cow.
The more time goes on, and the cheaper actually running SSO becomes, the less this is true. Props to Github for allowing me to do SSO on my 1 man enterprise for $21/month.
Even if you have just 20 people, not having to manage separate sign in’s on all services is just so pleasant. Not pleasant enough to jump from $2400/year to $24k/year on all 10 of them though.
SSO is the only way to get 2FA working without the friction becoming prohibitive.
If SSO is a paid feature, only in some plans, you're selling an insecure product. You wouldn't make security patches exclusive to the enterprise plan, you shouldn't make 2FA/SSO exclusive either.
Extra security is a feature of enterprise plans precisely because enterprises are forced to buy them by compliance requirements (a good chunk of which is just security theater and blame shifting); no one else cares, people buy stuff, things mostly do not go wrong - a market balance is achieved.
I can see why this isn't ideal or desirable, but security maximalism also has a nasty habit of killing all utility of products and disempowering end-users, so I'm very much in the camp of trading security over other concerns.
That seems exceedingly unlikely. When I'm shopping for a new vendor I have no idea who I'll use until I talk to a few to see how the offerings vary and which ones fit my budget.
The ridiculous part is how much time is wasted getting to the price. Then it turns out it is above my budget, so it's all wasted time on both sides. I don't expect a final price on first contact because I know enterprise contacts have variables, but give me a ballpark figure in the first 30 seconds to see if it's worth continuing to talk for three weeks or just end it there.
Just recently had a vendor (named similar to this site but "One" instead of "News"!) who gave me an approximate quote on day 1. Sounded perfect, fit my budget. So we continue talking about the details for many weeks. Only after a lot of time they reveal that quote is just for the core service we need, but there's also several other mandatory fees so the actual quote was like 3x higher. Far above my budget. Many weeks wasted. Maddening.
Imagine you're an experienced user of AWS, you know their prices fit your budget, and you know experienced people are easy to hire.
But before signing that multi-million-dollar purchase order, your boss asks you to get a quote from Oracle Cloud.
Will you get the quote? Yes. Will you select Oracle? Maybe if they're 30-40% cheaper. Will they be? No.
Ok you picked the one example where companies probably know where they're going already, mostly based on what the CTO liked in the past.
For the 99% other vendor procurements, one doesn't usually know yet before talking to them to get details and pricing.
This quote reminds me of an eye-opening speech I attended way back about the things you learn about when you run a business.
One of the lessons was that hiring the wrong salesperson can put you out of business. When you're hiring the first time, you think they're going to maximize their commissions. In reality, a lot of people are satisfied getting half the income they could by only taking the easy money. They might have to work five or ten times as hard to make the second half of sales, so they let those customers know they're disinterested and they go elsewhere.
The tougher half of sales are maybe 90% of the potential customers, or maybe more than that. You lose 90% of your customer base initially, then people talk to others about their experience, you've lost half of the rest, and suddenly you're no longer a viable business.
But I agree the first few sales people are crucial, that’s why the founders do it usually
I don't know if that specific ratio is true, but it feels right. The OP's scenario is vivid to me. So many salespeople just want the fish to jump in the boat...
I'm curious about how they know.
I'm actually in that exact process, and have absolutely no idea if half of the providers I'm looking at have a decent product.
There's no free tier so I can't just create random accounts and see for myself. To your point, I'm also not the last decision point, but will be the poor soul explaining why we should choose X or Y to get someone up the chain to approve the money.
Your point probably stands for companies that will blindly buy the overpriced market leader anyway, and do whatever it takes to make it work whatever the proposition. But that's not even half of the market I think, very few companies actually require the top of the line service, by definition.
> I'm actually in that exact process, and have absolutely no idea if half of the providers I'm looking at have a decent product.
Because they used it at a previous company, because they're renewing with their current vendor but are required to compare prices, because the CIO got a recommendation at a conference that is now mandatory, because their ex-colleague works at the vendor, etc.
Recommendations from colleagues who used it at a previous company can be so bullshit. We had someone heavily recommend Monday for ticket management, and oh god was it awful. It made me miss JIRA.
Incredibly important for filling in billing paperwork, because practicing medicine is an increasingly small fraction of a doctor's time. This doesn't necessarily counter your point, but it's interesting how job allocation makes little sense and most expensively trained people are used to do the most menial jobs, because it's somehow cheaper than keeping extra headcount of lower-paid clerical workers.
Same is the case in software industry. A lot software engineer's work involves dealing with bullshit that should be, and used to be, handled by a dedicated staff.
lol, that's exactly what the grandparent author explained.
Actually this is a funny point to bring up - believe it or not, there are legitimate situations in which a potential customer requires that they speak to someone or they will simply ignore the company. So as a software provider, it's absolutely true that you may indeed miss out on potential revenue if you dont have an established channel that isn't a "simple online cart".
That's a good point. There are a lot of those, and a significant fraction is about some information critical to the customer, that is not present or not entirely obvious on the site. Things like:
- Are you double-plus sure that when I order a violet widget, I get a violet widget? The UI isn't inspiring confidence, and there's a deadline, so unless I can be certain, I'll go with the more expensive vendor whose site is more clear on that.
- There's bunch of bank holidays and stuffs coming up in the next couple days; I need to be sure you'll send the package tomorrow at the latest, or it'll hit a weekend and then a holiday and it'll arrive late, by which time it'll be worthless for me.
Etc.
I've abandoned plenty of carts due to inability to clarify things like that, and I've many times significantly overpaid just to deal with a vendor or system where I don't need to ask for clarification in the first place.
Still, here's the thing: in each case, I had enough information already that I knew I want to buy. I knew the costs and delivery estimates and exact models/parameters. Without all those information, I wouldn't be calling to clarify - I wouldn't consider buying in the first place.
But from your previous comments, although you are singing praises for the custom solution, you actually find it annoying when people use it?
Price is not one of them.
Says who?
In reality, users don't care. Regulators, however, sometimes do, which leads to certifications and compliance requirements - and only then SSO and MFA become non-negotiable.
That's precisely why SSO is so important. It's the only way to get people to use 2FA and strong passwords without compromising usability.
Only big corporations need security, after all, if a small company gets hacked, well, they should've paid more?
What kind of late-stage capitalism is that? You're knowingly selling an insecure version and somehow it's the customer's fault they didn't buy the "actual security" addon?
It would be a shame though if you demanded unpaid work from others, but didn’t live by the same rule yourself.
As you might have read in other comments, the point of the form is to create a filtering mechanism to sift out the shit.
You're also right that some fraction wouldn't be contacting asking for information if the information was more readily available.
They're not shitting on customers and abdicating responsibility for making a better website. They're pointing out something important and unintuitive.
I don't know how to bridge a conversational gap like this because it really is something to experience. Another form of it is job applications. At least 1/3 is just random people.
To try to show some humility beyond "bro u ever done this???":
- My mentally disabled sister, tested at 4th grade level at her peak, and would often spend days applying for random jobs that sounded cool. I'm not talking like "oh Dairy Queen cashier.", I mean, director/CXO etc.
- At my first company, we'd get a contact every 3-6 months, with demo-like questions from the same person. We were small enough that we couldn't chase every lead, made enough money we didn't have to, and I didn't like encouraging active salesmanship. After a couple years, someone followed up asking what his business was like. It was an 11 year old using a point of sale app to get drink orders from his friends from the family pool.
They organised an in-person demo at our office after they filled in the online forms for their "multi-million dollar drinks distribution company", right in our target zone of customer type and size. So we had a few salespeople present to give a swish demo and hopefully win them over.
Turned out to be a 15 year old doing door to door sales of his home made ginger beer. He told us our (half the price of the nearest competitor) product was too expensive for what it was and that we would never succeed in business like he would.
Kudos to our sales guys though: After the initial shock and eye rolling, they treated them like the large business they claimed to be and just used the time to practice their demo/sales techniques.
To be fair, when you're a 15 year old selling homemade drink, everything seems expensive, because you have basically zero costs other than your own time and a sack of sugar and it's difficult to conceive how much money roars around in business with any non-family employee.
I've been working 20-ish years and I still get sticker shock over even quite minor things even though some sap pays me three figures, more than my childhood annual income maybe, a day.
Perhaps it's too much free (as in beer) software and over exposure to ridiculously cheap-through-insane-scale consumer goods - a whole mid-grade phone for the same cost as a meal for two, say. But I think there's also a huge disconnect with how we tell children the world of "good, capitalist work", in which they'll probably spend the rest of their lives, works, and how it really works. About all you really get is Peppa Pig setting up a lemonade stand and learning a lesson on the value of hard work, say, and a jagged line graph briefly mentioned on the news.
The school system, at least for me, was extremely light on that kind of thing, even when you include economics (which I didn't take). In fact even in the media, other then specifically financial things like the FT, how the whole world actual or books in the subject specifically, how everything actually functions at any practical level is just...never really mentioned. Kids might know every kind of dinosaur, the function of the bits on the steam engine, the names of the sails on a ship-of-the-line, but it's almost like everyone has agreed we just don't need to talk about daily reality. It's like a huge "draw the rest of the owl" meme.
You're right that some fraction of people reaching out for into wouldn't be reaching out for info if the info was readily available.
This is very true, to the point its reflexively and obviously true.
It does not falsify the lived experience you'll have at a business with contact forms, be it for job applications, or product inquiries.
> Saying "crap" comes through the door because the process is frictionless is like saying a person died of suffocation instead of that they were strangled in a domestic dispute
This has to win some sort of prize for analogies.
Here's mine:
An open contact form on the internet is like leaving your front door wide open in a busy city. Sure, some people might wander in because they couldn't find your house number, but you'll also get lost tourists asking for directions, door-to-door salespeople hawking their wares, and the occasional raccoon looking for a snack. No amount of information on your facade will prevent the guy who thinks your living room is a public restroom from stumbling in.
I need less than a glance at the text on my contact form when I’ve seen the email address.
I'm sure he'd like the enterprise snack plan.
Agreed. I guess the point is that that is obvious to anyone who has ever run a website, and therefore facile.
It neatly skips over or ignores the fact that you don't have to have any crap come through the door at all: just put multiple signup buttons that require payment.
Coming at this another way: salespeople should be smiling and celebrating when crap comes through the door because without negotiated "enterprise" plans, the companies would probably make less money and have less need for salespeople.
Instead of crap, maybe it's salesperson gold?
The salespeople should be celebrating every incoming contact because having contacts at all means you get sales?
These are narrowly true, I assume first isn't something you're seriously advocating for, and second is a form of "starving kids in africa"/"i used to walkup hill to school both ways" fallacy.
FWIW, I don't get the impression anyone is arguing for "how do we ensure every contact we invest in is viable?" or "We need to figure out how to ensure salespeople never have negative emotions about an incoming contact's quality".
Lots of people live without things others observe they need. Doesn't make going without a good idea.
> Companies that actually need SSO are the ones that have internal or external compliance requirements...
This logic is backwards.
Why do you think SSO is a "requirement" that security certifications or compliance policies look for? Why did that come to be? Who does SSO benefit? Are those personas relevant for only large companies or small ones too?
Do beginning drivers not “need” seatbelts or brakes? Or are these devices only needed to avoid tickets and pass inspection?
If anything, small companies need SSO more than any others - those companies usually outsource a lot (SaaS vs a dedicated hire), managing credentials is annoying.
Of course, it’s not really conceivable they’ll ever need to know the names of the sails of a ship if the line either.