That is not my experience at all. I have recently procured or discussed pricing terms for a few SaaS solutions on Enterprise tier and without exception the Enterprise pricing is a multiple per unit of the highest self service tier. Even after negotiating the price down.
> Enterprise pricing is a multiple per unit of the highest self service tier
As it should be. Enterprises are notoriously difficult to support because the decision makers there believe their size allows them to dictate to the seller anything and everything, including the seller's product roadmap.
Unless of course you are a small fish who just needs SSO for compliance and for some reason you get to pay like you are a $5B conglomerate despite still very much preferring to just pay an advertised price and not spend a month of people's time in negotiations.
Unfortunately, a need for SSO is about the only reliable way to gouge a large corporation. As a small fish you may like SSO, want SSO, you may even think you need SSO, but you really can get by without just fine. You're small - you can get around the requirements, or pivot, or whatever. A corporation is big and slow and can easily get themselves into a situation where not adding SSO will become a blocker for deals denominated in double-triple digit millions, but abandoning your product or the whole business segment will cost a similar amount of money. In that situation, the vendor can have a field day milking the cash cow.
The more time goes on, and the cheaper actually running SSO becomes, the less this is true. Props to GitHub for allowing me to do SSO on my 1 man enterprise for $21/month.
Even if you have just 20 people, not having to manage separate sign-ins on all services is just so pleasant. Not pleasant enough to jump from $2400/year to $24k/year on all 10 of them though.
> As a small fish you may like SSO, want SSO, you may even think you need SSO, but you really can get by without just fine.
SSO is the only way to get 2FA working without the friction becoming prohibitive.
If SSO is a paid feature, only in some plans, you're selling an insecure product. You wouldn't make security patches exclusive to the enterprise plan, you shouldn't make 2FA/SSO exclusive either.
Computer systems security isn't binary. It's also not a human right. Or something anyone but a small minority cares about beyond the surface level.
Extra security is a feature of enterprise plans precisely because enterprises are forced to buy them by compliance requirements (a good chunk of which is just security theater and blame shifting); no one else cares, people buy stuff, things mostly do not go wrong - a market balance is achieved.
I can see why this isn't ideal or desirable, but security maximalism also has a nasty habit of killing all utility of products and disempowering end-users, so I'm very much in the camp of trading security over other concerns.