Depending on the point of view it can also be a strength. Actually many of our customers like that we're in Slack because their people are already there:
- no login required to request an access
- they don't need to "learn a new application"
So for end users that's great. There is still a web app for admins with more details.
But I can see where you're coming from. We plan to offer an alternative to Slack to be independent if the customers want that.
From a legal point of view that might be true, but I believe people are not aware that this is a problem. They just register, check the "Agree terms of service" box and do whatever they want to do. I saw that often, especially with Marketing.
Which makes it even worse because you cannot detect that then :/
Shouldn't people just be able to try out new things? How can a company be innovative otherwise?
And at a specific point (e.g. putting customer data into it), they need to start a proper vendor assessment process.
Yes, that's what I heard too.
I mean they still have SCIM which allows you create/remove user accounts via API. Although that's still security relevant, giving at least SSO out for free would help already. Still, I would prefer something that does not relate to security.
What do you mean with Docker? I saw on their page that they offer SSO on the highest tier, so they do not look solely on ARR then?!
Hmm audit compliance? Google gives you a log of who logged in where, doesn't it?
And with "proper RBAC" you mean that you can put somebody into the "Developer" role, hence he gets AWS, GCP, Datadog, right?
Oh yeah, that's indeed a step back when you compare it like this.
Especially today, automation should be possible everywhere. There is no real reason for that. SaaS apps could just stop blocking that and everyone would be happy. Some just need to start...
Indeed, that became a bad practice... Zoom, Calendly just to name a few do that. That's so stupid and just not customer-friendly at all. Whenever I see this, I start searching for an alternative...
But there are also role models in the market like Slack that prorate even based on days after a user was deactivated. And they even remove users from billing when there were inactive for a longer period. Very kind :-)
Oh yeah, Elixir is just amazing <3. We use it for our commercial platform accessowl.io. Parts of OpenOwl are originated from there. It was the fastest way to push OpenOwl out. Moreover doing it like this allows us to use OpenOwl as library there.
But yeah I was thinking longer about it as Playwright is pretty good for scraping/RPA and works best with Node. One (expected) limitation is that we cannot easily open a browser window to let the user enter a OTP or solve a captcha as we encapsulated everything into Docker. Not sure how we can solve it yet...