The SSO Tax: When Basic Security Becomes a Luxury

Single Sign-On (SSO), which lets employees use one set of credentials for all (or many) of their apps, is a very effective way to protect work accounts from a variety of security threats. Yet many Software-as-a-Service (SaaS) providers treat SSO as a premium add-on, available only in the highest-priced plans. In practice, this means effective security functionality is locked behind “Enterprise” tiers that assume large user counts or bundle SSO with other costly features of little use to smaller customers. This practice has been dubbed the “SSO tax”, reflecting the extra price companies must pay for a fundamental security feature.

SSO Locked Behind Expensive Plans — The “SSO Tax”

SSO plays such an important role in the safe and smooth operation of a business that its benefit is hard to overstate when it is offered as part of the core product or for a very small upcharge rather than an exorbitant jump in pricing. Unfortunately, the reality is far from that ideal: many vendors charge double, triple, or even more just to unlock SSO. This creates a stark disparity across pricing tiers.

Examples of SSO Pricing Disparity

To illustrate the disparity, here are a few examples of how SSO is priced across popular SaaS providers (base plan vs. SSO-enabled plan):

Atlassian (Jira) — Base ~$7.75/user/mo vs. SSO tier ~$11.75/user/mo (≈51% increase).

Slack — Base ~$7.25/user/mo vs. SSO (Business+) ~$12.50/user/mo (≈72% increase).

Asana — Base ~$25/user/mo vs. Enterprise ~$60/user/mo (140% increase).

Airtable — Base ~$10/user/mo vs. Enterprise ~$60/user/mo (500% increase).

Breezy HR — Mid-tier $171/mo vs. SSO tier $1500/mo (777% increase).

Cloudflare — Base ~$20/domain/mo vs. SSO plan ~$1000/domain/mo (4900% increase).

(Numbers come from sso.tax on March 10, 2025)

These numbers, captured on the community-driven “SSO Wall of Shame” list (sso.tax), show how a basic security feature is paywalled at 2×, 5×, even nearly 50× the cost of the standard service. In some cases, vendors don’t even publish SSO pricing publicly (“Call us” for Enterprise rates), implying that only those prepared to negotiate big contracts can afford SSO.

Impact on Small Businesses: Below the “Security Poverty Line”

For smaller organizations, this pricing strategy has real security consequences. Many small and mid-size businesses (SMBs) simply forgo SSO due to cost, operating with separate logins and weaker controls. SMBs often stick to manual password management because SSO is “only available as a premium enterprise-level service” that costs significantly more per user and usually demands a high minimum user count. These steep barriers put full-featured SSO out of reach, so smaller firms remain stuck with the inferior security of disparate accounts and shared passwords. It’s a classic example of companies falling below the “security poverty line,” unable to afford basic protections that larger enterprises take for granted.

A survey of over 100 chief information security officers (CISOs) found that 80% of the SaaS applications employees use at work are not integrated into any SSO portal. When asked why, the top reason was the licensing cost for SSO. In other words, the SSO tax leads many organizations to go without single sign-on, leaving a sprawling number of accounts unmanaged and increasing the risk of credential theft. Security researchers note this dynamic directly undermines the security posture of resource-constrained businesses.

No Regulatory Push (Yet): An Accountability Gap

One might expect that such a clear security gap would spur industry standards or regulations to fix it. So far, that hasn’t happened. There is no specific law or compliance framework forcing SaaS providers to include SSO in affordable plans. While security frameworks (SOC 2, ISO 27001, etc.) encourage strong access controls, they apply to the customer’s practices, not to vendor pricing structures. In essence, vendors face little accountability for pricing SSO out of reach.

That said, pressure is starting to build in other ways. Government agencies and cybersecurity experts are increasingly calling out the “SSO tax” as harmful. CISA’s “Secure by Design” guidance explicitly recommended that single sign-on “be available by default as part of the base offering” and not an onerous add-on. Their stance is that customers should not have to pay premium prices for basic security hygiene.

Making Security a Standard: SaaS Providers’ Responsibility

It’s time for SaaS companies to recognize that they have a responsibility to provide essential security features to all customers, not just the biggest spenders. If a vendor proclaims “we take your security seriously,” that promise rings hollow when basic SSO costs extra or requires an Enterprise plan. Instead, providers should treat SSO as table stakes — a default capability of the product. Cybersecurity officials argue that security should not be a luxury good, but rather a fundamental customer right.

Some SaaS leaders have publicly reversed course on the SSO tax after realizing its implications. For example, the CEO of one software startup admitted that charging 2–5× more for SSO was almost entirely profit-driven (“SSO costs close to nothing after a little automation, so this price increase is all profit”) and said it “always felt a little gray hat.” His company ultimately stopped charging extra for SSO, even though it had been a lucrative revenue lever.

Call to Action: Demand Fair Security for All

SaaS customers, especially small and medium businesses, have a powerful role to play in pushing the industry toward fairer security offerings. If you’re a SaaS buyer or decision-maker, consider these actions:

Insist on SSO During Procurement. Ask vendors whether SSO (via SAML, OAuth, etc.) is available in their lower-tier plans.

Leverage Buyer Influence. If a preferred vendor locks SSO behind an enterprise tier, negotiate. By pushing back on the SSO paywall, you signal that lost business is a real risk of this practice.

Choose Security-Conscious Vendors. When comparing software, give preference to companies that don’t charge an absurd “SSO tax.”

Join the Conversation. Share resources like the SSO.tax “Wall of Shame” or CISA’s guidance on secure-by-design principles with peers and on social platforms.

Demand Secure Defaults. Whether it’s SSO, MFA, or audit logging, push your vendors to bake these in by default.

By banding together and making security a deciding factor in buying decisions, customers can help end the SSO tax. SaaS providers will realize that holding essential security for ransom is unacceptable in today’s threat landscape.

References

Here is a list of references used in the blog post

1. The SSO Wall of Shame: https://sso.tax/

2. The SSO Tax is Smart Business, and Bad Security: https://alexgaynor.net/2025/feb/07/sso-tax-smart-business-bad-security/

3. Explaining the Backlash to the SSO Tax: https://blog.1password.com/explaining-the-backlash-to-the-sso-tax/

4. Your Guide to the SSO Tax: Why It Exists, Costs, and Workarounds: https://www.accessowl.com/blog/your-guide-to-sso-tax

5. SSO Taxation and Why It’s Time To Stop: https://stratanorth.co/2023/02/28/sso-taxation-and-why-its-time-to-stop/

6. The “SSO Tax”: How to Overcome SSO Pricing Challenges: https://www.sastrify.com/blog/sso-a-basic-security-need-or-an-enterprise-level-luxury

7. What is the SSO Tax and Why Does it Matter?: https://www.savvy.security/glossary/what-is-the-sso-tax/

8. The SSO (Single Sign-On) Tax — Understanding the Controversy: https://openobserve.ai/blog/sso-tax/

9. What is Single Sign-On Tax?: https://integrations.idemeum.com/what-is-sso-tax/

10. SSO Fees & Taxes: What is it and am I paying for it?: https://www.gettalisman.com/blog/sso-fees-taxes-what-is-it-and-am-i-paying-for-it

11. 80% of SaaS-Applications not connected to SSO: https://www.grip.security/blog/why-sso-doesnt-protect-80-of-your-saas