Identity and access management (IAM) has become a relevant IT discipline in a short period of time. Previously there were only a few services specialised in access to systems and services, nowadays there is wat more choice. These new vendors also know how to realise innovation. We contacted Eugenio Pace, founder and CEO of Auth0, a fast-growing IAM company.
Auth0 aims to eliminate complex processes that developers normally face when building authentication and authorization for applications. Whether it’s a modern mobile application or legacy application: adding identity is often part of development. You can tackle most of the complex parts with an Identity access as a Service (IDaaS) platform. As a result, developers spend less time on difficult processes, which normally takes a lot of time to get right. Without a platform like Auth0, referred to by the company as Authentication and Authorization as a Service, developers can spend anywhere from tens to more than hundreds of hours on identity.
What makes identity complex?
At the front-end of an application, identity usually looks fairly easy. The need for an IDaaS platform is therefore not clear to every IT decision-maker. Suppose you instruct a Python developer to develop an application where he has to build in identity all by himself. The developer will start searching for code for signing up and logging in. This code should be compatible with the used systems and platforms. For the desired purposes, the code must be custom build, which will involve some testing. We are mainly talking about a ‘bare login screen’ here: the login and registration screen, e-mail verification and the possibility to reset a password if forgotten. Establishing these basic elements is already a process that often takes more than ten hours.
Setting up this screen is just the beginning. Which social media platforms are you going to add as login options? With which enterprise applications you need to integrate authentication processes? What do you plan to do with mobile platforms such as iOS and Android? What do you add as an extra layer of security, two-step authentication? Just some questions you have to think about when setting up authentication and authorization. In the end, there are often more than ten very important long-term steps that need to be addressed.
The importance of an identity platform
Auth0 wants to simplify or even eliminate all these steps with its platform. If developers don’t have to put unnecessary time and effort into things such as identity, they can focus on building the app. Building an app is a process that takes enough time by itself. In addition, the identity platform knows exactly how identity works which prevents possible mistakes or forgotten elements. Obviously, you want to avoid that, as it damages the user experience.
Auth0 wants to simplify or eliminate steps so that developers don’t put in unnecessary time and effort into identity.
Auth0 provides a lot of elements that could be meaningful for every step of the authentication cycle. From the simple login screen a user sees at the front-end to the developer expending the capabilities of identity. By default, the platform provides building blocks, such as pre-built integrations. Think of integrations with identity providers such as Google and Microsoft and single sign-on (SSO) with Adobe Sign or Salesforce. Certain functionality can only be added with code, such as setting specific rules before and after signing up.
In the end, Auth0 opts for a combination of no-code, low-code and true programming. For example, the IDaaS vendor uses Flows, a no-code interface to show the authentication workflows for your company through a mockup. All you have to do is enter the company name, search and select it. This search field is linked to a public database, so the logo and other things can be seen in a fictoinal login screen. It shows what the authentication workflow could look like. In the end, it’s up to the developers to turn it into a real set-up. With Flows, it’s easy to find out if Auth0 could be useful for your company. It gives you the possibility to present how the end result would look like, to the customer or c-level. The image below illustrates how we were able to gain insight into the Auth0 processes within a minute.
When configuring certain ‘pro tasks’, it is necessary to turn to true programming, often because this is used for highly customised experiences for the application and login experience. In order to support this in the best possible way, Auth0 uses an API-first policy: all application programming interfaces of Auth0 are available to developers so that all the capabilities can be used.
This approach has worked for Auth0, and so, the vendor sees a bright future. The identity market is expected to grow even further, as currently, companies might choose to invest in a non-IDaaS platform. Several market studies, therefore, assume that IAM will grow the next years, and Auth0 expects to benefits. The company expects IAM to continue to grow as an integral part of the app development process.
With Auth0’s direction to focus primarily on developers, it’s clear what the company is trying to achieve.
For Auth0, growth may also be achieved by seizing market share from its competitors. Okta is seen as a competitor in the market as that company is currently generating more revenue. According to the CEO, the two companies are not necessarily destined to be fierce competitors. Companies could use Auth0 and Okta at the same time. “We believe in identity as a universal problem that affects employees, customers and partners. That’s why we offer one IAM platform for all use-cases. Okta focuses on employee identity,” Pace says. Okta is, therefore, more of an identity management platform for many IT solutions, providing employees with a single portal to access relevant applications. The two vendors of identity platforms also show that they do not necessarily see each other as competitors because they support each other’s platforms. For example, within Okta, it is possible to configure Auth0 as an identity provider.
With Auth0’s direction to focus primarily on developers, it’s clear what the company is trying to achieve. Developers will continue being the main focus because, according to Auth0, identity is still complex. We are curious what else Auth0 will do to support this group even further.