> This is non negotiable these days, even for the smallest company.
Says who?
In reality, users don't care. Regulators, however, sometimes do, which leads to certifications and compliance requirements - and only then SSO and MFA become non-negotiable.
I work with a variety of small companies (5-25 FTEs) that are increasingly facing strict MFA requirements in order to maintain insurance. SSO isn’t an explicit requirement, but there are a myriad of general access requirements that they struggle to follow without some level of centralization via federated identity/SSO.
Says who?
In reality, users don't care. Regulators, however, sometimes do, which leads to certifications and compliance requirements - and only then SSO and MFA become non-negotiable.