Just to briefly weigh in on my own experience with the SSO Tax as a provider and customer.

  1. Any SSO that is not bog standard Microsoft or Google does come with meaningful costs that can get out of control.
  2. SSO has never succeeding in reducing support for log in issues, and sometimes has increased it.
  3. The SSO tax is more about a signal– SSO is required by large, sophisticated clients. But those customers and buyers almost always also require other things that are complex and expensive like negotiating contract terms versus standard terms of service, purchase order/invoice-based payment with net 30 or longer terms, etc. You’re not being upcharged for just SSO, it just so happens that requiring SSO is a pretty good sign you’re going to be a much more complex customer on the whole.

I quite often see the SSO tax only being applied to custom SAML BS, whereas a standard log in with Microsoft/Google/Github/OAuth provider-named-here is not an extra charge. I think that makes perfectly good sense.

And by the way, Microsoft Entra/ADFS/whatever they call it is an insanely jacked-up and dumb system– like all things Microsoft.