Sep 10, 2024
Table of contents
JumpCloud’s strength as a mobile device management (MDM) platform is indisputable. However, when it comes to identity and access management (IAM), it’s essential to understand the true cost of JumpCloud before expanding its use across your organization.
Sure, it has everything you need in an IAM solution – single sign-on (SSO), multi-factor authentication (MFA), and user lifecycle management. But the true cost goes beyond the standard subscription costs. There are hidden costs, implementation challenges, and ongoing maintenance that can significantly impact your total investment.
Follow along as we break down JumpCloud’s pricing, explain the hidden costs, and see how it compares with other IAM solutions. By the end, you’ll be in a better position to decide whether it's the best fit for you.
Decoding JumpCloud’s pricing model
JumpCloud offers tiered pricing based on features and support levels. It also has a monthly plan, in case you don't want to commit long term.
Here are the tiers and what they include:
JumpCloud SSO: This is the package we’re interested in, and it costs $11/user/month. You get a cloud directory, MFA capabilities, a password manager, and user account management.
Device management: This is the MDM package. It costs $9 per user per month to centrally manage devices including mobile, Windows, Mac, and Linux devices. Or you can pay $13 per user per month to add MFA to the devices and manage the identities of the device users.
Core directory: At $13 per user per month, this tier provides all the core IAM features, plus cloud RADIUS and LDAP protocol support.
Platform: This tier costs $19 per user per month for complete device, identity, and access management.
These pricing tiers provide a clear picture of JumpCloud’s cost structure, but they're not our main issue. We’re more concerned about the frequently overlooked SSO tax.
SSO tax: The hidden JumpCloud cost
JumpCloud uses SAML and SCIM protocols to facilitate single sign-On (SSO) and automated user provisioning and de-provisioning.
SAML, short for security assertion markup language, is used to transmit authentication information from your identity provider (JumpCloud) to your service providers (SaaS apps). This way, a user can log in once on JumpCloud and gain access to multiple applications without needing to re-enter credentials.
The SCIM (or system for cross-domain identity management) protocol is used to exchange identity information between systems. It enables administrators to create, maintain, and delete user accounts for various applications directly from JumpCloud.
Unfortunately, most SaaS vendors offer access to these APIs only as part of their more expensive enterprise plans. The extra cost organizations incur to upgrade their licenses is commonly called SSO tax.
Here’s the real shocker. Depending on the vendor, the increase in price to access SAML and SCIM can be up 100 times more than the standard price. Hubspot, Slack, Jira, Github, and Figma all charge SSO tax.
There's a dedicated website that lists vendors that charge SSO tax. Check it out to see which of your SaaS providers are on it, and how much they charge. You can also add a new name to the list.
The true cost of JumpCloud: A fictional case study
To illustrate the true cost of adopting JumpCloud’s identity and access management (IAM) solution, let’s consider a fictional company called BlueLine Solutions. BlueLine is a mid-sized tech startup with 75 employees.
The company is already using JumpCloud’s MDM platform and wants to add SSO. How much will this company spend in a year to add the new functionality?
Standard cost
BlueLine needs only SSO, which costs $11 per user per month. With 75 employees needing access, the cost breaks down as follows:
Monthly cost: $11 per user per month × 75 users = $825 per month
Annual cost: $825 per month × 12 months = $9,900 per year
This $9,900 annual fee covers the SSO basics, password management, and user lifecycle management. It’s a bit on the high side, but still reasonable.
Oh, you may also need to pay a consultation fee to help you implementJumpCloud in your environment. The costs of these implementation packages vary, depending on the project’s completion time and consultation duration.
Now, let's see how SSO tax affects our company’s budget.
SSO tax costs
Let’s assume BlueLine is using the following five SaaS applications: Hubspot, Jira, Slack, GitHub, and Figma. The SSO tax costs will be as follows.
When you add up the annual increases for each SaaS tool, BlueLine Solutions ends up with over $60K in additional costs just to facilitate SSO.
Total annual increase: $4,725 (Slack) + $3,600 (Jira Cloud) + $33,600 (HubSpot Marketing) + $3,740 (GitHub) + $18,000 (Figma) = $63,665 per year
Now add the standard subscription cost of JumpCloud’s SSO tier to the SSO tax to reveal the actual cost for implementing JumpCloud IAM.
The true cost of JumpCloud IAM: $9,900 (JumpCloud SSO) + $63,665 (SSO tax) = $73,565 per year.
The SaaS vendors are the real culprits here. They take advantage of the critical need for SSO to increase their bottom line. By limiting SAML and SCIM to their more expensive plans, they coax easy upgrades from customers looking for secure access and simplified compliance.
What initially seemed like a manageable investment in JumpCloud’s IAM solution quickly ballooned into an unmanageable investment. And this is just a simple illustration using five commonly used SaaS tools. Keep in mind that a typical startup with 75 employees often uses as many as 40-100 SaaS apps.
Non-monetary costs: Implementation and maintenance challenges
Beyond the monetary costs, implementing and maintaining JumpCloud bring their own set of challenges. These include:
Implementation complexity: Using SAML and SCIM to integrate JumpCloud with various SaaS tools is time-consuming and requires specialized knowledge that not all in-house teams possess (hence the consultation fee).
Ongoing maintenance: Once implemented, these integrations require regular maintenance to ensure they function correctly. Updates to SaaS tools, changes in security protocols, or adjustments in your IAM strategy can necessitate reconfiguration — and more hassle for your IT department.
Potential for disruption: Any misconfiguration or failure in the SCIM integrations or SSO connector can disrupt access to critical applications — leading to downtime and frustration among employees.
Jumpcloud vs Okta
JumpCloud, originally an MDM solution, expanded to include SaaS access management as a valuable feature for its customers. In contrast, Okta was specifically built to address identity and access management, setting the standard for other IAM tools.
But Okta, too, presents challenges for startups and SMBs due to its high costs and extensive setup and maintenance requirements. The company also recently faced significant backlash after a breach compromised many customers’ authentication information.
In summary, JumpCloud offers an all-in-one solution for device, identity, and access management tailored for SMBs. Meanwhile, Okta remains a leading IAM solution for larger enterprises.
But even with these unique advantages, both solutions share the same downside — SSO tax! Both solutions rely on SAML for SSO and SCIM for identity and user account management — which leads us to the (literally) thousand dollar question: what if there were another option for efficient identity and access management, but without the complex and costly SSO configuration?
An alternative solution: Google Workspace + AccessOwl
Google Workspace is an excellent identity provider, especially for small to mid-sized businesses. It's unsurpassed in terms of security and compatibility. And it offers SSO through the widely supported sign-in with Google option — with free MFA.
However, it has limited access controls and automation capabilities.
Consequently, as businesses grow — past 50 employees or Series A funding — Workspace becomes inadequate, and they start looking at more advanced solutions like JumpCloud and Okta. AccessOwl is specifically designed to supplement Google Workspace, so growing organizations have to make a switch.
You can continue using Google as your identity provider, while AccessOwl takes care of user access and user account management. The best part is that it doesn’t rely on SAML or SCIM. So you don’t waste thousands of dollars on SSO tax and implementation costs.
Book a free demo to see how AccessOwl works.
Conclusion: Traditional vs modern IAM approach
Picking an SSO provider can be challenging, especially with hidden costs like the SSO tax. And while JumpCloud is a great solution to consider, its reliance on SAML and SCIM is a major financial roadblock. For businesses already using Google Workspace for identity management, AccessOwl offers a compelling alternative — free from the complexities and costs of traditional IAM solutions.
So give AccessOwl a try, to effectively optimize your IAM strategy while keeping costs in check. And if you find yourself reluctant, beware of psychological barriers like the “sunk cost fallacy” — which can keep you stuck with a particular solution, simply because you’ve already invested significant time, money, and effort into it. Instead, you should always look for the best option available, and consider AccessOwl.