(no title)

Hey, in my opinion it is fair to have some features behind a paywall for an open core model (although I am not a fan of it, but I really understand the reasons).

But personally, I think having core security features (which I believe SSO is, e.g. also for small orgs) behind such paywall is not really helping the product.

Using a free plugin developed independently from the core product does incur other issues e.g. during updates etc. Also, it does present an additional hurdle for all non-enterprise users to make use of the, typically, more secure SSO solution they might already use leading to - in my opinion - more unsafe deployments of Payload (or any other product). It is also not helping to overcome the cybersecurity poverty line anytime soon.

When I am deciding whether to buy the enterprise version of a product, for me a main concern is whether I would also be able to use the product with its core features without any subscription (preventing vendor lock-in, in worst case I would be able to run the product on my own for a specified period of time). This wouldn't be the case if no user can login any more ^^

One last aspect: We as an organization also provided and extended SSO implementations in various products in the last years. But we only do this if the SSO code is free software. In our experience SSO implementations are way better if they can be improved by the community.