Are there good alternatives in 2024 to Keycloak + FreeIPA for k8s-native environments?
replies(3):
Would you mind sharing your thoughts on our pricing? We certainly love to improve this. Its not our intent to have a smoke and mirrors pricing ;-)
On the subject of maturity and security. Many known enterprises trust Zitadel for their identity needs, especially the self-hosted version, which can be used for free. I think what makes Zitadel a great package in regard of security is that our community actively provides vulnerability disclosures to the project which we track in public.
Let us know what we can improve to show that we take security and stability serious!
- the step up from free to paid is huge, and already needed if you have 4-5 users that log in every day
- your definition of "daily active user" is a bit tricky, as one user who logs in every day is counted as 31 users. The most common metric I know is monthly active users (users that log in at least once a month)
So, if we would increase the free amount and the included in the pro tier it would a little alleviate this pain?
On the definition, we wanted to use DAU because with this we can have on metric to price consumers, business customers and service accounts. To us it was weird to pay for a MAU when a consumer only logs in once a month. Coming back to my reply above... would a "bigger" number of included DAU solve this?
About the pricing, I haven't made the calculations in your product, but in other products I sometimes miss a middle ground between free and pro like a "hobby" or "mini" tier. maybe I have a small product, an SMB, or a personal thing thing that needs a service, and I don't want to be a "freeloader" on the free plan, but the pro is too much.
There are services I've used that I know I'll stop using once I grow out of the free plan, because it's so expensive.
But the current free plan has a few issues (I would even call them traps):
It has a monthly DAU and API request limit. If this limit is exhausted Zitadel will essentially shut down the service until the end of the month, unless you switch to the Pro plan, or just accept getting locked out until the end of the month.
The DAU restriction can be safeguarded by only onboarding 3 users, then the DAU quota will never be exhausted.
The API limit is even more tricky, if your users heavily use the console or log in very often it is out of your control.
This makes the Zitadel free plan practically just a demo version (1 admin user, 1 test account, 1 service account). In my case I nearly hit the quota already after 5 days of developing a product, just me, developing alone. I ended up switching to auth0, because I was not very invested in Zitadel yet.
Another thing would be to mix daily active users and monthly active users. For example in the ratio 1:10 (100 DAUs or 10 MAUs). Just cap the DAU counter for a user at 10 logins per month.
It's really hard to predict how often users are going to log in. So if you have a company with 50 people, you know 50 MAUs are enough. But will 500 DAUs be enough? You just don't know that in advance. The DAUs can also grow a lot even if MAUs stay the same, if your product becomes better and is used more often in the company. Really hard to tell the customer at a later stage that Zitadel is now more expensive, because people log in more often. The DAU/API limit is also an incentive to cache authentication/2FA longer and compromise on security.
Maybe remove a few enterprise features for the cheaper plans like SAML or restrict branding. But please keep passwordless/2FA, for me those features were the main reason to try Zitadel, that's one of the features where Zitadel shines over auth0.
I’ll take your points for a spin internally. We’ve already had some ideas that address some of your concerns, especially around the quotas.
Already with one user per family member we are coming dangerously close to the quotas, it's my fault, I didn't take the time to check the terms and conditions. But I honestly did not expect the free plan to be that restrictive. I just stopped at "100 users" and thought: "well, that should be enough". That's why I'm warning everyone about this fact.