SSO Shift Enables Self-Serve Upmarket

Moving SSO out of a sales gated tier turns security from a pricing lever into a product expectation. In older PLG SaaS, SSO helped force an upgrade and a sales conversation because larger customers could not deploy without centralized login. The newer pattern is that teams want to swipe a card, connect Okta or Microsoft Entra themselves, and keep moving, then involve sales later for procurement, custom terms, or broader rollout.

• This shift separates enterprise features from enterprise process. Figma now includes SSO on Organization, a self serve purchasable tier, while Enterprise adds heavier admin controls like SCIM. That matches the broader split between a high end self serve plan and a truly negotiated plan.
  4 figma 5 figma
• Airtable era PLG companies often added SSO later, after bottom up adoption was already working. Newer SaaS launches compress that timeline. Enterprise admin, SSO, and compliance features increasingly ship near day one because even 50 to 100 seat deals now expect them.
  1 sacra 3 sacra
• The practical reason is that SSO is part of basic IT hygiene, not a luxury add on. It lets a company connect the app to its identity provider so employees sign in with work credentials and admins can control access centrally. Vendors like WorkOS and Stytch make that setup easier to self serve, which weakens the old contact sales gate.
  3 sacra 6 sacra

Going forward, more PLG companies will reserve sales for the parts a buyer truly cannot self serve, like procurement review, custom legal terms, migration help, and complex rollout. Basic security will keep moving downmarket, which raises the product bar and makes self serve upmarket expansion more viable.