Misleading SSO marketing

Hi,
not sure if this is the right category for it, given that it’s not really a question, but:

I just bought an Advanced License specifically because Single Sign-On was advertised, only to find out after activating my license that what is supported is not Single Sign-On, but only LDAP.

I found this thread, "Setting up Single-Sign-On for AMP", which shows to me that clearly there is a huge misconception here and the false marketing likely isn’t intentional.

However, unlike stated by the Staff member in the above thread, LDAP is not a Single Sign-On mechanism. LDAP is a Same Sign-On mechanism.

Other mechanisms like OIDC and SAML are indeed Single Sign-On, and hence something along those lines is what I expected.

Or, as explained by Amazon (What is SSO? - Single Sign-On Explained - AWS):
“Single sign-on systems require a one-time authentication from the user. Once logged in, the user can access other web applications and services without re-authenticating themselves. Meanwhile, same sign-on requires the user to repeat the login process each time with the same authentication credentials.”

LDAP only syncs the username/password, and allows someone to authenticate with the same user in multiple places. This is, however, not Single Sign-On, as one still needs to authenticate against AMP separately.

All I ask is to please adjust the wording on the description of the advanced edition to properly reflect the state of things. In the above thread it was also said that OIDC and similar are planned for the future, so I’ll stay with the advanced license - but nevertheless it is very misleading and technically false marketing.
It does seem obvious that this was not out of malice but just an accident, but should still be adjusted.

Thanks for your message, indeed it is a mere oversight. Although what is actually offered is covered by the hover message thankfully.

That said, we’re currently doing some of the underlying work necessary to make OIDC specifically possible, so that won’t be too long now. 🙂

Thanks for the reply and that it won’t be too long now is great to hear!

To be honest, I didn’t even see that hover message 😅
I use Authentik which basically supports any protocol for SSO from OIDC to SAML to Header-Auth and more, so I didn’t bother to check the details of what protocol is in use as I assumed that, well, it’d be some sort of actual Single Sign-On.

Do you know whether, if I were to still implement LDAP now, it would be possible to cleanly “migrate” the users over to OIDC? Is there going to be a way to “link” existing users to OIDC? Or will OIDC always create new users as it will count as a “separate” authentication source?

Some apps implement this one way, some another, so it’d be nice to know in preparation if it makes any sense to set up LDAP now.