HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mathiasn

no profile record

Submissions

Show HN: Shadow IT Scan – Uncover SaaS Apps, Users and Risky OAuth Scopes

accessowl.io
69 points·by mathiasn·2 years ago·36 comments

Elixir: Sortable Unique IDs \O/

github.com
4 points·by mathiasn·2 years ago·0 comments

Elixir: Get Alerts for Timed Todos

github.com
1 points·by mathiasn·2 years ago·0 comments

Elixir: Better Solution for Waiting for Async Tasks in Tests

dockyard.com
1 points·by mathiasn·2 years ago·0 comments

[untitled]

1 points·by mathiasn·2 years ago·0 comments

Show HN: Ending the Absurdity of SSO Tax – Introducing ssotax.org

ssotax.org
14 points·by mathiasn·3 years ago·4 comments

Ask HN: Is there still a reason to use Okta for SSO? Okta vs. Google SSO

37 points·by mathiasn·3 years ago·34 comments

Show HN: Skip the SSO Tax, access your user data with OSS

github.com
220 points·by mathiasn·3 years ago·103 comments

comments

mathiasn
·last year·discuss
Is that something you want to open source?
mathiasn
·2 years ago·discuss
https://ssotax.org gets more updates. There is also a Friends of SSO page :-)
mathiasn
·2 years ago·discuss
What are other potential platforms?
mathiasn
·2 years ago·discuss
Or better ssotax.org which is already way ahead.
mathiasn
·2 years ago·discuss
Yeah that's the old not very much up2date page. https://ssotax.org has more data and even has a Friends of SSO page.
mathiasn
·2 years ago·discuss
Depending on the point of view it can also be a strength. Actually many of our customers like that we're in Slack because their people are already there:

- no login required to request an access - they don't need to "learn a new application"

So for end users that's great. There is still a web app for admins with more details.

But I can see where you're coming from. We plan to offer an alternative to Slack to be independent if the customers want that.
mathiasn
·2 years ago·discuss
Slack is required for AccessOwl. It's used for things like approval workflows, task management and notifications in general.

What do you use instead?
mathiasn
·2 years ago·discuss
From a legal point of view that might be true, but I believe people are not aware that this is a problem. They just register, check the "Agree terms of service" box and do whatever they want to do. I saw that often, especially with Marketing.
mathiasn
·2 years ago·discuss
Which makes it even worse because you cannot detect that then :/

Shouldn't people just be able to try out new things? How can a company be innovative otherwise? And at a specific point (e.g. putting customer data into it), they need to start a proper vendor assessment process.
mathiasn
·2 years ago·discuss
Have you seen Livebook? Best Jupyter Notebook ever!! https://livebook.dev/
mathiasn
·2 years ago·discuss
or even better https://ssotax.org
mathiasn
·2 years ago·discuss
BTW: https://ssotax.org is more up2date
mathiasn
·2 years ago·discuss
It's a community project, you can just update it :-)
mathiasn
·2 years ago·discuss
There is a better ssotax.org which is more up2date and has even a Friends of SSO page.
mathiasn
·3 years ago·discuss
Yes, that's what I heard too. I mean they still have SCIM which allows you create/remove user accounts via API. Although that's still security relevant, giving at least SSO out for free would help already. Still, I would prefer something that does not relate to security.

What do you mean with Docker? I saw on their page that they offer SSO on the highest tier, so they do not look solely on ARR then?!
mathiasn
·3 years ago·discuss
Hmm audit compliance? Google gives you a log of who logged in where, doesn't it? And with "proper RBAC" you mean that you can put somebody into the "Developer" role, hence he gets AWS, GCP, Datadog, right?
mathiasn
·3 years ago·discuss
Oh yeah, that's indeed a step back when you compare it like this. Especially today, automation should be possible everywhere. There is no real reason for that. SaaS apps could just stop blocking that and everyone would be happy. Some just need to start...
mathiasn
·3 years ago·discuss
Did you also consider building it with Elixir and LiveView?
mathiasn
·3 years ago·discuss
Indeed, that became a bad practice... Zoom, Calendly just to name a few do that. That's so stupid and just not customer-friendly at all. Whenever I see this, I start searching for an alternative... But there are also role models in the market like Slack that prorate even based on days after a user was deactivated. And they even remove users from billing when there were inactive for a longer period. Very kind :-)
mathiasn
·3 years ago·discuss
Oh yeah, Elixir is just amazing <3. We use it for our commercial platform accessowl.io. Parts of OpenOwl are originated from there. It was the fastest way to push OpenOwl out. Moreover doing it like this allows us to use OpenOwl as library there.

But yeah I was thinking longer about it as Playwright is pretty good for scraping/RPA and works best with Node. One (expected) limitation is that we cannot easily open a browser window to let the user enter a OTP or solve a captcha as we encapsulated everything into Docker. Not sure how we can solve it yet...