Co-founder of BoxyHQ here - We've crafted an open-source enterprise SSO because we firmly believe that robust security shouldn't be a privilege limited to large organizations. Ideally, essential enterprise-level features like this should become commonplace for all.
While we acknowledge the reasons behind SSO being in the enterprise tier, we're all on a collective journey to enhance our security measures. Open Core models are indeed a good option (my preference), yet the dynamics vary across solutions and industries. It's up to each of us to explore, experiment, and discover what resonates with our market. In doing so, we can foster growth while maintaining our commitment to supporting the community in the long run.
Hey everyone, Retraced is an audit logs OSS product, that was initially built by Replicated and it has been enhanced by BoxyHQ.
With it you can now give your users the superpower to track every critical event within your product, and get full visibility over their account’s activities on your app. You will also allow them to send security-related events to their SIEM. It would be great to get your feedback.
Key features:
- Compliant audit logs for your product
- Record user and system activities
- Admin UI to view logs. Also embed the viewer anywhere in your product
- Export events to CSV or security systems like your favourite SIEM
- Cryptographically guaranteed immutability of logs with a verifiable digest
Thanks for the insights, have you seen any good practice (tips) on how 'security mechanisms for development' could actually help security teams and developers work smoothly? Instead of being the reason for conflict.
Sounds like BoxyHQ could be relevant here. Plug-n-play for developers that need to build enterprise features like SSO, audit logs, directory sync, privacy vault and other boring stuff that are required to be compliant.
100% free & self-hosted. It's Open source (Apache-2.0 license)
[I am one of the co-founders, sorry for the plug]
@pranav_rajs I couldn't see some enterprise-grade features like audit logs or privacy vault. Would love to help for free. Open source & plug-n-play: www.boxyhq.com
Enterprise-ready SaaS Starter Kit is a Next.js based SaaS Starter Kit that can save hundreds of development hours while building enterprise SaaS apps.
Even though there are many similar projects out there, focusing on the enterprise readiness aspect could help developers save some time. It still is in an early stage of development, that's why feedback would be great!
Agree, I think it is impossible not to compare with others. I don't think you always have to "walk back from it", sometimes is good to achieve your goals, the challenge is doing it in a healthy way.
Fair point, but going through the comments, I'm not trying to sell anything. One is reframing the suggested question and sharing a consolidated list of resources. The other two are on a free tool (not suggested before) to solve the problem stated, so the aim was to expand the options. But point taken ;)
This is counterintuitive because the more productive your development team is the more security holes they will leave behind. The thing is how to keep the productivity while increasing the security.
Curious to hear more about other alternatives to building it internally, lately I've heard a few people claiming that they built it in 1 - 2 days. Still don't know how.
There are good open source solutions that let you plug and play these enterprise features (I am biased here). But instead of thinking about the problems with implementing Single Sign-On, I think we should focus on a bigger problem: How can we make security accessible and simple for developers? I am not saying don't charge for SSO, I know it helps startups be sustainable, but here is where I truly believe that open source is one of the key answers.
Indeed, people forget about the cost and pain of supporting these things. For full disclosure, I am a co-founder @BoxyHQ, an open source devtools startup providing free enterprise SSO (called SAML Jackson), directory sync (beta - feedback is welcome), audit logs and so on.
Pricing is tricky, and as you said, people complain a lot. Since this is because we all have different points of view, we will never agree. But there are some things that most of us should agree, like the fact that we need to raise the security standards. Then the question is what we can do as a community - besides trying to avoid being on the sso.tax list.
While we acknowledge the reasons behind SSO being in the enterprise tier, we're all on a collective journey to enhance our security measures. Open Core models are indeed a good option (my preference), yet the dynamics vary across solutions and industries. It's up to each of us to explore, experiment, and discover what resonates with our market. In doing so, we can foster growth while maintaining our commitment to supporting the community in the long run.