This is very much correct, and quite self-evident: they live without, therefore they don't need it. Wanting something != needing it. Companies that actually need SSO are the ones that have internal or external compliance requirements, and/or for which managing users without SSO becomes prohibitively expensive. Turns out, at that point, they're willing to pay through the roof for it.
> quite self-evident: they live without, therefore they don't need it
Lots of people live without things others observe they need. Doesn't make going without a good idea.
> Companies that actually need SSO are the ones that have internal or external compliance requirements...
This logic is backwards.
Why do you think SSO is a "requirement" that security certifications or compliance policies look for? Why did that come to be? Who does SSO benefit? Are those personas relevant for only large companies or small ones too?
Do beginning drivers not “need” seatbelts or brakes? Or are these devices only needed to avoid tickets and pass inspection?
One thing worth pointing out. If you don’t mind using GitHub or Google you can get “SSO at home” for a lot of things, since most
SaaS provide Google/Github login in their lower priced tiers. It will usually be OIDC based and not SAML, but it’s definitely possible to use these providers up to a quite significant scale.
Why? You use SSO in your personal life all the time. Why would you not want to continue doing so in your business?
If anything, small companies need SSO more than any others - those companies usually outsource a lot (SaaS vs a dedicated hire), managing credentials is annoying.
This is incorrect.