Aug 2, 2024
Table of contents
One platform for all your workforce-management needs. That's what Rippling promises. It’s an HR Information System (HRIS), an IT management solution, and also an accounting software. In this post, we’ll be focusing on its IT function.
Specifically, we’ll explore the true cost of using Rippling as an identity provider. It offers Single Sign On (SSO), multi-factor authentication (MFA), and user-lifecycle management.
We’ll also compare it to other existing solutions – Okta and Google Workspace — to help you determine whether it’s the best option for your organization.
Whether you’re using Rippling HRIS and looking to add app management, or you’re simply looking for the best identity and access management solution, this post is for you.
Decoding Rippling's pricing model
Before you can access any other Rippling feature, you’ll need to subscribe to Rippling Unity. That’s their HRIS tool, which also serves as the workforce directory. So, if you already have another HR management tool and you’re looking to add identity and access management, Rippling will not be ideal for you.
But let’s say you want the HRIS and SSO. Here's how much it will cost you.
Rippling Platform (HRIS): A $420 per year base cost + $6 per month per user.
App management (Identity and Access Management): Minimum $6 per month per user
Implementation fee: $2,000
So, for a company with 75 employees, the first-year cost would be $13,220, or $1,102 per month. This amounts to about $14.70 per employee per month. Rippling doesn't explicitly state its pricing. You'll need to contact sales to receive a quote, so your pricing might differ slightly from this example.
But, just a moment, we’re not done. Although Rippling isn't considered cheap, the subscription costs aren't the main issue. Rather, the problem is another hidden cost that most people only learn about after it’s too late.
SSO Tax: The hidden cost
Rippling uses SAML for SSO and SCIM for automated provisioning and deprovisioning.
Security Assertion Markup Language (SAML): This is the standard used to exchange authentication data between different systems. Consequently, once a user is authenticated on Rippling, they’ll be granted access to all the other relevant systems in your business.
System for Cross-domain Identity Management (SCIM):Another standard for communication between different systems. But instead of authentication information, it’s used to exchange identity information. It enables admins to create, maintain, and delete user accounts for all apps directly on Rippling, instead of accessing each app individually.
Unfortunately, most SaaS vendors provide the SAML and SCIM APIs only on their more expensive enterprise plans.
SSO Tax is the extra cost you incur to upgrade your license. It can be anywhere between 15% and 6,000%.The latter is on the extreme end, but it’s not uncommon to see at least a 100% increase from the original price.
Let’s use the company with 75 employees again, to demonstrate how SSO Tax affects your SaaS budget. We’ll call this company BlueLine solutions.
The true cost of Rippling: A fictional case study
BlueLine is a startup with 75 employees. Some of the SaaS services in use at the company include Github, Jira, Hubspot, Slack, and Figma. How much will this company spend in a year to use Rippling for identity and app management?
SSO Tax cost
There’s a wall of shame dedicated to vendors that charge SSO Tax. You can check it out to see which of your SaaS providers are on it, and how much they charge. In the case of BlueLine, the cost is as follows:
For all five SaaS apps, BlueLine will need to upgrade from the base plan to the enterprise plan to get SAML and SCIM support. Hubspot alone costs an extra $2,800 per month — which translates to $33,600 per year. When you add up the rest, the total annual spend increase comes to $63,665.
The unfortunate part is that BlueLine doesn’t need all the other extra features bundled within the enterprise plan for each tool. They just want an easy way to manage identity and SaaS access, and it’s costing them an extra $63,665.
Now, add the $13,220 Rippling subscription cost we highlighted earlier — and the true cost of Rippling comes to $76,885. This is just a simple illustration using five commonly used SaaS tools. A typical startup with 75 employees uses 40-100 SaaS apps.
Now, do you see how the SSO Tax can quickly get out of hand?
Rippling vs Okta
How does Rippling compare with Okta?
Both tools have all the basic features of identity and access management. That is: SSO, MFA, and automated user provisioning/deprovisioning. On top of that, Rippling comes with a password manager and offers device-management capabilities. You can use it for zero-touch software installation on employee devices and for remote patching.
On the other hand, Okta’s strength lies in its granular control over SSO. For instance, you can use it to block users based on their location.
Still, both Rippling and Okta have the same major downside. SSO Tax! You can check out our post on the true cost of Okta.
What if there were another option that offers the full identity and access management features, but without the complex and costly SAML and SCIM API configuration?
An alternative solution: Google Workspace + AccessOwl
Google Workspace is an excellent identity provider. That's undisputed. It offers SSO through the “universally” supported Sign-in with Google option and MFA is free.
What it lacks is solid access controls and automated user-lifecycle management. This is why most businesses start looking at alternatives after they’ve reached a certain stage — such as growing to 50+ employees or after successful Series A funding.
However, combining Google Workspace and AccessOwl can be a better and cheaper alternative than switching to a dedicated IAM solution. Google will remain as your identity provider, while AccessOwl takes care of SaaS access and user-lifecycle management.
The best part is it doesn’t rely on SAML or SCIM. This means no SSO Tax — and no thousands of dollars in implementation costs. The tool supports over 200 out-of-the-box integrations, including HRIS tools like Rippling, Bamboo, Personio, and Workday.
AccessOwl also tracks and documents access requests, approvals, and permission levels for every connected app across your organization — making it perfect for compliance adherence. You can also use it to scan for Shadow IT, free of charge.