Chapter 18. Getting Your Application Ready for the Enterprise
Ayman Elsawah
Selling upmarket to enterprises has become increasingly important for many startups. Selling to enterprises, however, is starkly different from selling to the consumer market or even to other startups.
For one thing, enterprises have security teams, and oftentimes a long list of security requirements. Getting past the gauntlet of security questionnaires and scrutiny is a hurdle in itself. However, if your application does not have key security-focused features, it may be a nonstarter for the enterprise.
The following are some features you may want to consider when building your product.
Enterprise Single Sign-On
Enterprise single sign-on (SSO) in this case does not mean supporting Google or Twitter login. It means allowing the enterprise to integrate your product with its internal enterprise user directory, which is often Okta, Ping Identity, OneLogin, or a similar provider.
Your application will need to support SAML (Security Assertion Markup Language) and OIDC (OpenID Connect). A majority of enterprises use SAML, so if you can pick only one, start there. OIDC is the more modern approach, and supporting both reflects well on your organization.
The benefits of SSO integration include a better user experience for customers, less product friction, and more importantly, relief from storing any credentials (passwords or security questions) ...