HackerTrans
TopNewTrendsCommentsPastAskShowJobs

andy89

no profile record

Submissions

Show HN: Free SoC 2 readiness checker – built after spending $15k on consultant

3 points·by andy89·há 6 meses·0 comments

[untitled]

1 points·by andy89·há 8 meses·0 comments

Ask HN: Has anyone phased out Azure B2C without breaking user flows?

1 points·by andy89·há 8 meses·1 comments

[untitled]

1 points·by andy89·ano passado·0 comments

Made a CIAM hub – what should we add?

ssojet.com
1 points·by andy89·ano passado·3 comments

Guide: Integrating Okta SAML SSO with Next.js (Passport and API Routes)

ssojet.com
1 points·by andy89·ano passado·1 comments

Show HN: Directory of 100 SaaS tools that support enterprise SSO (SAML, SCIM)

3 points·by andy89·ano passado·4 comments

When Should a SaaS App Implement SAML Authentication?

1 points·by andy89·ano passado·3 comments

Ask HN: Should You Include a Certificate in a SAML AuthnRequest?

5 points·by andy89·ano passado·2 comments

We couldn't explain our SoC maturity, so we built a self-assessment tool

soc.tools.ssojet.com
2 points·by andy89·ano passado·1 comments

[untitled]

1 points·by andy89·ano passado·0 comments

[untitled]

1 points·by andy89·ano passado·0 comments

[untitled]

1 points·by andy89·ano passado·0 comments

Anyone else struggle with SSO/SCIM as a small SaaS?

ssojet.com
1 points·by andy89·ano passado·1 comments

[untitled]

1 points·by andy89·ano passado·0 comments

[untitled]

1 points·by andy89·ano passado·0 comments

[untitled]

1 points·by andy89·ano passado·0 comments

[untitled]

1 points·by andy89·ano passado·0 comments

[untitled]

1 points·by andy89·ano passado·0 comments

How to Implement Okta SAML SSO in Next.js: A Step-by-Step Guide

ssojet.com
2 points·by andy89·ano passado·1 comments

comments

andy89
·há 8 meses·discuss
For context, here’s the part I was referring to about the “catch them at login” / JIT idea:

https://mojoauth.com/blog/how-to-migrate-to-passwordless-fro...
andy89
·ano passado·discuss
We recently had to implement SSO for a multi-tenant SaaS platform. The usual names came up (Okta, Auth0, Ping, WorkOS, etc.), but the deeper we looked, the more complicated the tradeoffs became.

We created a comparison table across 15 SSO providers — focusing on protocols (SAML, OIDC, SCIM), admin UX, dev experience, pricing models (per user vs. per connection), and use-case fit (CIAM vs workforce IAM).

It’s here if useful: https://ssojet.com/blog/top-10-sso-providers-2024/

Curious how others here navigated this — especially around: - When SCIM or JIT provisioning became non-negotiable - How you handled multi-tenancy or tenant branding - If pricing or vendor lock-in became an issue

Happy to share our notes or answer questions.
andy89
·ano passado·discuss
Thank You
andy89
·ano passado·discuss
Working on a central CIAM knowledge hub — SSO, SCIM, API security, zero-trust, etc.

Noticed most guides out there are too fluffy or scattered. Here's what we’ve got so far: https://ssojet.com/ciam-101

What’s missing? Would love ideas from folks building auth systems.
andy89
·ano passado·discuss
I recently had to wire up SAML-based SSO with Okta for a Next.js project. Most of the resources I found were either outdated or assumed a ton of boilerplate. I ended up combining passport-saml, iron-session, and custom API routes to make it work cleanly with Next.js.

Covered in the guide:

Okta SAML setup + metadata extraction

Configuring Passport strategy

Secure session handling with iron-session

API route-based login/callback/logout flows

Protecting SSR pages and basic user provisioning

Tips for testing locally with ngrok

If you’re building enterprise-ready apps with Next.js and need SAML support, this might save you some time: https://ssojet.com/blog/integrating-okta-saml-sso-with-your-...

Feedback welcome, and I’m happy to help troubleshoot if anyone hits weird edge cases like ACS URL mismatch or certificate issues.
andy89
·ano passado·discuss
Yeah, totally fair — we’ve run into the same thing. Some vendors list SSO/SAML just to check the "enterprise-ready" box, but it's not actually live or usable.

Right now the directory just flags that SSO is publicly claimed, but we’re working on a second pass to add verified protocol support, links to setup docs, and even plan requirements (like Enterprise-only).

If you’ve got examples of false claims, I’d love to include them as edge cases — could help others avoid the same surprises.

You can check out our directory from here: https://ssojet.com/b2b-sso-directory/
andy89
·ano passado·discuss
Here’s the directory: https://ssojet.com/b2b-sso-directory/

No signup, just a public list — feel free to send additions if you think something’s missing.
andy89
·ano passado·discuss
Absolutely — SAML almost always comes up the moment you’re in talks with IT or security teams. It’s a clear signal you're moving upmarket.
andy89
·ano passado·discuss
We’re a small security team inside a growing SaaS org, and during enterprise sales and audits, we kept getting asked: “How mature is your SOC?”

The usual frameworks (NIST CSF, MITRE ATT&CK) are great but heavy — hard to apply without a full SIEM or IR team.

So we built a self-assessment tool focused on practical maturity signals like:

Logging & alert coverage

IR workflows

Automation usage

Post-incident reviews

Framework alignment (at a high level)

It generates a maturity score + highlights where to improve. It’s been helpful for planning, reporting to leadership, and onboarding new security hires.

We cleaned it up and released it publicly:
andy89
·ano passado·discuss
Compiled a detailed JWT security checklist covering everything from signing and expiration to storage, validation, and transmission — structured for use across mobile apps, SPAs, web apps, REST APIs, and microservices. Includes dropdowns for security levels (basic to high-security contexts like healthcare/banking).
andy89
·ano passado·discuss
We built a few internal tools to help us deal with SSO and SCIM for our B2B SaaS. Things like testing SSO flows, optional MFA, and email-free onboarding.

Now thinking of turning it into a product (ssojet.com). Wondering if others here have faced the same pain? Would love feedback.
andy89
·ano passado·discuss
Hey HN,

Scaling a B2B SaaS product to meet enterprise demands is tough. I've been wrestling with integrating features like robust RBAC and complex subscription models. I've compiled a list of tools to tackle these challenges head-on.

Has anyone else struggled with these specific enterprise-readiness hurdles? What solutions have worked for you?
andy89
·ano passado·discuss
Great post on deploying static sites to Azure CDN with GitHub Actions OIDC! For anyone looking to test and debug their OIDC implementations, I highly recommend trying out https://oidc-tester.compile7.org/.

It’s a developer-friendly tool designed to help you quickly identify and resolve issues with your OIDC setup. Give it a try and let me know what you think!
andy89
·ano passado·discuss
We recently wrote a detailed guide on integrating Okta SAML SSO with Next.js. This covers everything from setting up Okta to handling SAML assertions in your app using passport-saml and iron-session.

Key takeaways: Why Okta + SAML is ideal for enterprise-grade security. How to configure SAML in Okta and Next.js in under 30 minutes. Code examples for login, callback, and session management routes. Best practices for session security and certificate management.

If you’ve worked with SAML before or are considering it for your app, I’d love to hear your thoughts!
andy89
·ano passado·discuss
Thank you for your interest and feedback! I'm glad to hear that the UI looks good and that you're considering giving the SAML Tester a try. I apologize for the inconvenience with the broken links. We'll look into fixing them right away. In the meantime, if you have any questions or need assistance with your SAML setup, feel free to reach out. We're here to help!
andy89
·há 2 anos·discuss
I recently discovered this resource repository that's been incredibly helpful for staying updated with cybersecurity news and learning materials. It's particularly valuable because it:

Organizes cybersecurity resources into well-structured categories (news, research, training, and community events) Includes both technical resources and learning materials suitable for different skill levels

Maintains active curation with recent updates focused on emerging technologies Provides detailed metadata for each resource (update frequency, access type, content format)

The repository goes beyond just listing links - it includes guidance on how to use each resource effectively and maintains quality through community contributions. I found the sections on threat intelligence resources and professional development particularly well-organized.

What I appreciate most is how it bridges the gap between technical documentation and practical learning materials, making it useful for both security professionals and those learning about cybersecurity.

Repository structure is clean, with automated link checking to ensure resources stay current.
andy89
·há 2 anos·discuss
I've spent the last few months analyzing how different businesses approach seed keyword selection, particularly in technical industries like cybersecurity. Here are some interesting patterns I found: Key findings:

Most businesses overcomplicate keyword selection with 50+ seed keywords Data shows 5-15 core seed keywords per category is optimal Technical industries benefit from a hierarchical approach (core term → technical variation → specific use case) Found clear correlation between keyword hierarchy and ranking success

I've documented the complete analysis, including:

Methodology for identifying optimal keyword count Data on keyword performance by business size Impact of industry maturity on keyword selection Step-by-step process for building keyword hierarchies Real examples from technical industries
andy89
·há 2 anos·discuss
If you're in the cybersecurity space and struggling to get noticed online, our latest blog might be just what you need. We’ve put together a comprehensive guide on how to optimize your SEO strategy specifically for cybersecurity firms.

From keyword targeting to content strategy, this step-by-step guide offers practical tips to help boost your search rankings and attract the right audience.

Check out the full guide here

Would love to hear feedback from anyone working in cybersecurity or digital marketing. Any thoughts on optimizing SEO for this niche?
andy89
·há 2 anos·discuss
ink building is a vital strategy for increasing your website's authority and improving search engine rankings. For cybersecurity websites, focusing on high-quality backlinks through niche directories, collaborations, and guest posts can drive traffic and improve SEO. Our comprehensive guide covers these strategies in detail and provides actionable tips specifically tailored to the cybersecurity industry.

Check out the full guide here: Link Building Strategies for Cybersecurity Websites
andy89
·há 2 anos·discuss
PDF 7 is an efficient and reliable app for all your PDF needs. Organize, merge, rotate, compress, and convert PDFs effortlessly. It also supports converting images and documents to and from PDFs, along with various additional features like extracting pages, repairing files, and more.