
> gets very pricey with 10k users

With that many users you don't pay the advertised prices. You schedule a call and they make sure you get an affordable offer.

> The average employee likely has 10-20 (hopefully) different sets of credentials that they must maintain and update as necessary

Time for Azure, Auth0, Okta, or some other SSO provider to just get rid of the passwords?




I'm really not cut out to work for a big corporation.

Even if they charged $0.50 per user, that would be $5k/month. I could go as a consultant and charge half of that to set up vaultwarden integrated with their AD for maybe 2 lazy days, and offer a support contract for $500/month. It's not even that much of a rare skill. I'd guess you can randomly select /r/selfhosted users and I'd give 10% odds of finding someone who has done it already and would even offer to do it for less.

Yet, I think that most managers would simply prefer to go through all the negotiation meetings, all the internal procurement process just so they can justify the big boy expenses.


> I could go as a consultant and charge half of that to set up vaultwarden integrated with their AD for maybe 2 lazy days

That's a very simplistic view of how it works in even a medium-sized real company. Google SSO is already available for many external services you might use, which is a lot easier to integrate than doing and maintaining something yourself. Especially because if there's an issue it's blocking everyone in the company at the same time. It makes sense to outsource that if it's not your core business.


I am talking specifically about the case of OP: a big company with 10k users that already has AD.

You are arguing a strawman.


While I don't disagree with the gist of your idea (it can be cheaper in-house), I believe you're underestimating the ongoing support cost. At 10k users, it will become a part-time support position to manage the solution, handle credential resets, write and update documentation, handle all client-side problems, maintain ongoing AD / account integration and browser plugins, deal with any security certification required for services in your corp, comply with backup/data retention rules, etc.

You're saying $500/mth, but my response would be: this is half a full-time IT support position and it needs a secondary + on-call cover.


IMO, 1Password has much much better UX than Vaultwarden has. So you definitely get something for the money.


That's the other part that breaks my lizard brain.

We are talking about $5k/month vs $500. If the UX of the FOSS version is lacking, pay for the closed version BUT throw $1000/month in the direction of the FOSS developers until the issues are mitigated and they satisfy your requirements. I can bet that in less than a year you'd be able to make a switch and the investment would pay for itself.


> BUT throw $1000/month in the direction of the FOSS developers until the issues are mitigated and they satisfy your requirements

This is not at all an easy thing to guarantee even if you’re willing to spend the money. The FOSS developers might not be interested in doing this work (even for pay) nor have UX staff.


Do you have any idea how much "developer power" you can buy with $1000/month, if you just look in the right places?

So many talented people working for that money or less in São Paulo, Buenos Aires or Hanoi, it would be worth it to give it a shot even if they just worked part-time.


Right, but then you need to trust them to maintain a fork of vaultwarden or hope that vaultwarden accepts their patches.


Third option: the team looks at the work from someone who is outside and brings them in to do the things that the team is not interested in doing.

In all three cases, though, it sends a signal that there is demand for the changes. This works as both validation for the developers (our users want this so much they are paying someone else to do it) and also for other companies (oh, why should we be paying this much to a closed-source service if we can pay a fraction of the price to get a reasonably-well-supported open source version?)


(Most) managers hate meetings just as much as you, and they're not wasting money for the fun of it. Every technical manager has inherited problems because someone at some point tried to save money by hiring a random dude on the cheap who just half-assed it.

You go with companies that can demonstrate scalability because they provide project governance, proper change management, and layers of redundancy and support in the event of an emergency.


When I was working at Deutsche Telekom, I actually heard the CIO from a German bank say they "were not interested in our (Chromebook-like) solution, because if adopted it will be a lot cheaper than their current Windows licenses and that would mean he would lose his budget in 2 years".

Also, the idea that someone charging $2k for two days of work is considered "doing it on the cheap" is almost offensive.


Relative to the enterprise vendor, that is very much on the cheap. I wasn't placing any value on your work, I was referring to the ubiquitous "I know a guy" cost cutting solutions that end up somehow being very, very expensive in the end.


I didn't mean offensive to me, the offensive part is to think as a shareholder or a taxpayer hearing that this kind of problem actually warrants so much money.

I know that people can come up with many perfectly reasonable justifications to spend this much on a service, but to someone like me who grew up in a poor country dealing with recession and austerity policies, it's hard to see these things and not think "surely we can achieve the same results spending less?"


Even with bulk pricing, the current enterprise providers are quite expensive. I'm a YC founder working with some others on a solution to this that brings the cost way down. If you're interested, send me a quick email and I'm happy to share what we've learned.



