If a software developer has no experience adding #OIDC/#OAuth or #SAML #SSO (Single Sign-On) to a web application, he/she needs to understand the complex OIDC/OAuth or SAML protocol, practice with the SDK/API from the identity provider, manage user sessions, and write the code. This usually takes 3-6 months of engineering work for 1 application.
Once the initial work is done, it requires constant maintenance and improvements. Security vulnerabilities can also easily be introduced if security expertise is lacking.
As an engineering leader, you are wasting your developers' time and your precious engineering resources if you assign such tasks to your developers.
A #NoCode proxy-based solution is obviously a much better alternative.
Top comments (3)
My definition of no-code is NOT using a library from the IdP [1] or an SDK from some programming framework, e.g., Java Spring.
The 6 months of engineering time comes from our conversations with some practitioners. To give you an example, one large non-profit organization was migrating apps from legacy basic auth to modern OIDC auth, which is Okta. They had no experience with OIDC or SAML. They had two engineers and worked for about 3 months for 1 app.
[1] github.com/AzureAD/azure-activedir...
If you are referring to Azure built-in authentication [1] or Azure app proxy [2], both of them are no-code proxy-based solutions.
Are you talking about using the Azure AD SDK?