Improve texts
MMore committed Oct 24, 2023
1 parent 1aa16f5 commit 9af5f0a
Showing 6 changed files with 52 additions and 22 deletions.
5 changes: 3 additions & 2 deletions _includes/footer.html
@@ -1,2 +1,3 @@
<footer>ssotax.org is a <a href="{{ site.github_url }}" target="_blank">community project</a>, originally
started by Rob Chahin.</footer>
<footer>ssotax.org is a <a href="{{ site.github_url }}" target="_blank">open-source project</a>, driven by
<a href="/why">the community</a>.
</footer>
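Review bot: the link `<a href="{{ site.github_url }}" target="_blank">` in the new footer line opens a new tab without `rel="noopener noreferrer"`; add it so the opened page cannot reach back through `window.opener` and navigate this tab (reverse tabnabbing). Same hunk, wording: "a open-source project" should read "an open-source project".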
2 changes: 1 addition & 1 deletion _sass/base.scss
@@ -48,7 +48,7 @@ body {
/*- Link -*/
a {
color: $text-color;
text-decoration: none;
text-decoration: underline;
font-weight: 700;
&:hover,
&:focus {
4 changes: 4 additions & 0 deletions _sass/custom.scss
@@ -65,6 +65,10 @@ table td.actions {
table {
border-collapse: collapse;
width: 100%;

a {
text-decoration: none;
}
}

tr:hover {
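Review bot: the nested `a { text-decoration: none; }` under `table` cancels the underline that the base.scss hunk in this same commit adds to every `a`; because `a` keeps `color: $text-color`, links inside table cells are then distinguishable from surrounding text only by `font-weight: 700`. A short comment on this rule stating that table links are intentionally unadorned (and that the row hover below is the cue) would stop the next maintainer from reading the override as a mistake.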
6 changes: 3 additions & 3 deletions friends-of-sso.md
@@ -7,11 +7,11 @@ description: A list of vendors who understand and value the importance of securi
<summary>
What does it mean?
</summary>
The following vendors take security seriously by offering general SSO (via OpenID Connect, SAML) in all paid plans. That's great!
The following vendors take security seriously by offering SSO without unreasonable surcharges (via OpenID Connect, SAML) in all paid plans. *Find out more about the [why](/why).*

We also show details about [SCIM](https://scim.cloud) which allows you to manage users accounts via API.
Another important puzzle piece to manage your organizations access is SCIM. It allows you to centrally provision employee’s with specific user permissions and deprovisions user accounts during an offboarding. That’s why we also added where [SCIM](https://scim.cloud/) is available.

Having SSO and SCIM in the place would be the best combination in terms of security and operational efficiency because you could create user accounts with the right role/permission at this vendor. At the same time you could remove user accounts ensuring that maybe existing sessions are closed properly.
Best practice for vendors to keep their customers secure would be offering both SCIM and SSO without unreasonable surcharges.
</details>

## {{ page.title }}
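Review bot: the added SCIM paragraph needs grammar fixes before merge: "your organizations access" should be "your organization's access", "provision employee’s with" should be "provision employees with", and "deprovisions user accounts" should be "deprovision user accounts". In the first added line, "(via OpenID Connect, SAML)" now attaches to "surcharges" instead of "SSO"; suggest "offering SSO (via OpenID Connect, SAML) in all paid plans without unreasonable surcharges". The removed closing sentence also carried a point the replacement drops: that removing an account should ensure existing sessions are closed as well; worth keeping, since deactivating an account does not by itself end sessions the user already holds.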
27 changes: 11 additions & 16 deletions index.md
@@ -15,25 +15,13 @@ document.addEventListener("DOMContentLoaded", function(event) {
<summary>
Why does this exist?
</summary>
Single sign-on (SSO) is a mechanism for outsourcing the authentication (via OpenID Connect, SAML) for your website (or other product) to a third party identity provider, such as Google, Azure AD, Okta, PingFederate, etc.
The **SSO Tax** stands for the practice of SaaS vendors to upcharge for Single-Sign-On ("SSO").

In this context, SSO refers to a SaaS or similar vendor allowing a business client to manage user accounts via the client's own identity provider, without having to rely on the vendor to provide strong authentication with audit logs, and with the ability to create and delete user accounts centrally, for all users, across all software in use by that client.
As a consequence, features like SSO, and more specifically OpenID Connect or SAML, are often restricted to enterprise-level subscriptions. This pricing strategy makes it prohibitively expensive for non-enterprise businesses to centrally manage their employees' access. *Find out more about the [why](/why).*

For organizations with more than a handful of employees, this feature is critical for IT and Security teams to be able to effectively manage user accounts across dozens or hundreds of vendors, many of which don't support features like TOTP 2FA or U2F. In the event that an employee leaves the company, it allows the IT team to immediately disable their access to all applications, rather than logging into 100 different user management portals.
The following list includes vendors that have SSO locked up in an subscription tier that is more than 10% more expensive than the standard price.

In short: SSO is a core security requirement for any company with more than five employees.

SaaS vendors appear not to have received this message, however. SSO is often only available as part of "Enterprise" pricing, which assumes either a huge number of users (minimum seat count) or is force-bundled with other "Enterprise" features which may have no value to the company using the software.

If companies claim to "take your security seriously", then SSO should be available as a feature that is either:

1. part of the core product, or
1. an optional paid extra for a reasonable delta, or
1. attached to a price tier, but with a reasonably small gap between the non-SSO tier and SSO tiers.

Many vendors charge 2x, 3x, or 4x the base product pricing for access to SSO, which disincentivizes its use and encourages poor security practices.

The following list includes vendors that have any SSO feature locked up in a "Enterprise" tier that is more than 10% more expensive. Because SSO should be available for everybody not just i.e. Google users.
Imagine buying a car and the manufacturer asks for an extra payment to unlock 100% of the braking power. Not offering security features if they already exist in your product means a vendor doesn’t care about your security. Our aim is to spotlight vendors who overcharge for security features, in hopes of instigating a change in the industry.
</details>

## {{ page.title }}
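Review bot: "in an subscription tier" should be "in a subscription tier". "As a consequence" in the second added paragraph has no stated cause, since the sentence before it only defines the term; "In practice" reads better. The rewrite also drops the old explanation of what SSO buys an organization (central account creation and removal across every vendor, coverage for tools without TOTP or U2F, immediate access removal when someone leaves); the link to /why now carries that, but this list page states its 10% criterion without the security rationale, so a one-line summary before the link would keep it self-contained. The car analogy in the last added paragraph duplicates the one added to why.md in this commit; keeping it in one place avoids the two copies drifting.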
@@ -151,3 +139,10 @@ But it costs money to provide SAML support, so we can't offer it for free!
</summary>
While I'd like people to really consider it a <em>bare minimum</em> feature for business SaaS, I'm OK with it costing a little extra to cover maintenance costs. If your SSO support is a 10% price hike, you're not on this list. But these percentage increases are not maintenance costs, they're revenue generation because you know your customers have no good options.
</details>

<details>
<summary>
Does it make sense to list vendors here when they offer free Google SSO?
</summary>
Yes, it's about all vendors that lock up any SSO. Because SSO should be available for everybody not just for Google users.
</details>
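Review bot: the new FAQ answer states the rule but not the reason, and the reason was in the paragraph this commit removes from the top of index.md: SSO here means the customer signs in through its own identity provider and can create and delete accounts centrally, so free "sign in with Google" only helps organizations whose identity provider is Google. Suggest: "Yes. This list is about vendors that lock up SSO with the customer's own identity provider (OpenID Connect or SAML); free Google sign-in only covers organizations that already use Google."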
30 changes: 30 additions & 0 deletions why.md
@@ -0,0 +1,30 @@
---
title: Why?
description: Why does SSOtax.org exist and what is it?
---

[**SSOtax.org**](http://ssotax.org) is an open source project to raise awareness how important SSO is as a core security requirement and that it should be available for everyone! It is maintained by the IT and InfoSec community.

Single sign-on (SSO) is a mechanism for outsourcing the authentication (via OpenID Connect, SAML) to a third party identity provider, such as Google, Azure AD, Okta, etc.

Companies rely on SSO to centrally lock down any employee access at the time of their offboarding (and to support robust Multi-Factor-Authentication). Imagine offboarding a single employee from 30 different SaaS applications: Assuming it takes an IT admin 4 minutes to login to a tool and suspend the account it would take them two hours to suspend every access. Two hours in which an employee would have unauthorized access!

**SSO is not a luxury feature but a a core security requirement for any company!**

If a vendor takes your security seriously they shouldn’t charge for a security feature that’s already developed. It would be unheard of for a car manufacturer to deliver your car but asking for an expensive software upgrade to unlock 100% of braking performance. SaaS vendors are essentially doing the same by locking existing security features behind an expensive paywall. Many vendors charge 2x, 3x, or 4x the base product pricing for access to SSO!

----

I learned myself about the problem in the past while introducing Okta in my previous company and not being able to connect it to all existing SaaS as SSO was behind a pay wall.

When I was talking to CTOs and Security Leads about SaaS security, often the term **SSO Tax** came up. I noticed that people complained about not getting a clear understanding what that means for their SaaS tools as the [existing overview](http://sso.tax) is outdated.

The SSO Tax was one of the reasons for starting [AccessOwl](https://www.accessowl.io) - a SaaS Provisioning and Governance platform. My co-founder Philip and I were frustrated that access management was turned into a product category solely accessible to large enterprises. In todays day and age managing your employee’s access to SaaS should not be considered a luxury product anymore.

As the [original project](https://sso.tax) was not maintained for over a year and several reach outs to the maintainer were unsuccessful, I decided to [fork](https://github.com/ssotax/ssotax), updating the data and actively processing PRs to advance the core idea. At the same time it was a great opportunity to [integrate](https://github.com/robchahin/sso-wall-of-shame/issues/100) [community](https://github.com/robchahin/sso-wall-of-shame/issues/36) [feedback](https://github.com/robchahin/sso-wall-of-shame/issues/140) and improve the overall page.

**The objective extends beyond shaming vendors by also applauding those who genuinely value their customers’ security!**

This project was originally created by [**robchahin**](https://github.com/robchahin), who single-handedly coined the term **SSO Tax** and spotlighted the issue. **Big shoutout to Rob!**

*~Mathias (Co-Founder of [AccessOwl](https://www.accessowl.io))*
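Review bot: typos in the new file: "a a core security requirement" (duplicate article), "todays day and age" should be "today's", "but asking for" should be "but asks for", "login to a tool" should be "log in to a tool", "clear understanding what" should be "clear understanding of what", "I learned myself about the problem" should be "I learned about the problem myself", and "Multi-Factor-Authentication" should be "multi-factor authentication". Link schemes are inconsistent: `http://ssotax.org` and `http://sso.tax` sit next to `https://sso.tax`; use https throughout. In the offboarding example the arithmetic holds (30 apps × 4 minutes = 2 hours), but disabling logins does not by itself end sessions the employee already has open; since the paragraph's point is the window of unauthorized access, a clause noting that revocation through SSO still depends on the vendor ending existing sessions (the SCIM text in friends-of-sso.md touches on this) would keep the claim accurate.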

0 comments on commit 9af5f0a
