search

robchahin / sso-wall-of-shame

A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.
https://sso.tax
Apache License 2.0
631 stars 291 forks source link

ADP not on the list #80

Open NickSLara opened 4 years ago

NickSLara commented 4 years ago

ADP seems to gate SSO behind a paywall, and a relatively complicated one at that. I couldn't find much documentation, but we work with ADP and they told us outright that we would have to pay a premium of $5,000 to get an app on their marketplace that we would then have to configure to enable SSO functionality.

https://support.adp.com/netsecure/pages/pub/docs/fed/ADP_Federation_Overview.pdf https://apps.adp.com/en-US/apps/159971/adp-federated-single-sign-on#!reviews

afield1235 commented 4 years ago

What SSO provider do you use? Are there already other apps on their markplace for Okta, Azure, Onelogin etc.?

NickSLara commented 4 years ago

We use Azure for SSO here. In order to get any SSO integration whatsoever on ADP, you have to subscribe to their federated SSO app, according to their documentation and documentation I've found on Azure's and Okta's knowledge bases

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-ADP.html https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/adpfederatedsso-tutorial

While the above articles don't specifically say you will have to pay for the federated SSO app, upon going through ADP's documentation and marketplace, you will find that there a one-time cost of $5,000 to enable the feature. If you have an ADP account, you can see the pricing here:

https://apps.adp.com/en-US/apps/159971/adp-federated-single-sign-on-for-adp-vantage-hcm/editions

If you don't have an ADP account, I can attach a screenshot of this if you'd like.

afield1235 commented 4 years ago

Sounds like a straight up racket. Wow.

mbainter commented 2 years ago

I'm not even sure how to classify this one. This isn't just an SSO Tax, this sounds like a bigger problem than just trying to squeeze you for money, and is more in the realm of a terrible implementation. At least it's only a one-time tax.

Even so, given this is now unmaintained, there is now a fork that we're hoping to keep maintained via community participation. If this is still the case with ADP, would one of you please submit a fresh issue with current details to that repository?