Normal companies use their annual user conference to unveil all the new exciting stuff they’re building and create some buzz (and fill their sales funnel) for the year ahead. Amazon Web Services (AWS) is no normal company, however, and, while its own user conference, re:Invent, is jam-packed with announcements, this company moves in a different orbit from others.
You see, the rate at which AWS introduces new products is insane. The graph below shows the products that AWS considers are significant, that they have introduced in the past few years. This doesn’t include simple things like new server configurations or whatever. These are solid and substantive product announcements. So, that introduces something of a conundrum for the re:Invent planners, there is no humanly viable way to actually drop all that stuff in one week – the attendees would end up with a severe case of whiplash.
It is for this reason that AWS has moved to a more regular cadence of product announcements – indeed in the weeks before re:Invent there were a number of product announcements. This even continued after the event, only a week or two after the workers stripped down all the re:Invent signage from around Las Vegas, AWS introduced another new product, a Single Sign-On (SSO) offering.
AWS SSO is a tool that allows users and organizations to manage SSO access and user permissions to all of their accounts in AWS organizations centrally. It has to be said that AWS SSO is a fairly lightweight offering at this stage. At the moment it seems to primarily be focused on offering SSO across AWS’ family of products. But the important term here is “at this stage.” AWS has a storied history of landing, expanding, and building on early traction in particular verticals.
Indeed AWS SSO also includes built-in SAML integrations to many business applications, such as Salesforce, Box, and Office 365. Where these SaaS vendors are integrated, it’s not a big deal to leverage the same API set to cover a world of other cloud-based products. And from there it’s not a huge leap to cover SSO for on-premises applications.
This is, of course, the space that Okta and OneLogin play in – giving a central platform for the control and management of sign-on across cloud and on-premises services. The value proposition is that users and organizations don't need to handle a bunch of different services for controlling separate usernames and passwords for every account. You log in once and you have access to all of the included cloud services.
SSO as a vector for luring customers onto the platform
It is somewhat ironic that AWW introduces SSO in the same week that I wrote about their apparent de-emphasizing of their SaaS offerings. While, at this stage, SSO is focused on covering AWS offerings, it potentially indicates a renewed intention to add value higher up in the stack.
SSO is also a good tool to help customers understand the platform-value that AWS brings. SSO has, after all, been one of the ways that Microsoft has helped convince its customers to move away from their on-premises deployments. Microsoft’s Azure Active Directory Service offers admins an experience similar to what they’re used to with their on-premises offerings, just as a cloud-based service. And, once people are using cloud-based directory services, it’s an easier sell to get them hooked on SaaS offerings. For AWS this means tools like WorkDocs, WorkSpaces and other products.
SSO competitors put on a brave face
It’s always interesting to see the response from pure-play vendors when a platform vendor enters their space. AWS’ introduction of SSO is no-different, and Okta -- perhaps the best known SSO vendor -- proactively came out with some bullish comments. By way of email, Okta CEO and co-founder, Todd McKinnon, gave me a positive spin on the news saying:
"Following in the footsteps of Microsoft and Google, Amazon’s announcement is further validation that identity is a highly strategic market. It’s a market we continue to define and lead because we offer the most complete and neutral identity cloud. We connect everything, including AWS, Google, Microsoft and their competitors. The value of identity lies in its ability to securely connect people with any technology. SSO is one piece of the identity puzzle: MFA and identity APIs are others.
We’re continuing to invest in making it easier for businesses to use the best technologies available – including AWS – as we have with Google, Microsoft and the 5,000+ integrations in our network. We’ve seen this story before with Salesforce Identity, Microsoft, and Google. We’re confident in our ability to continue driving innovation in the market as the leading, independent identity provider."
McKinnon obviously has a lot at stake here. Okta went public in 2017 when it raised $229 million in its IPO. It has 3,000 enterprise customers covering a claimed 40 million users. That’s a big footprint, but the reality is, no matter how McKinnon spins it, that their business development work just got harder. They have another massive vendor that they need to sell against – and if you’re an enterprise with some existing history with AWS, the fact is it’s just easier to buy your SSO product from them as well.
AWS is the thousand-pound gorilla in the marketplace and, no matter what other vendors say, its entry into a new area makes people shake with fear. AWS’ success with SSO will be predicated on it investing time, attention and resource to the product and moving fast to build out the functional spec. Watch this space.