Auth0 SSO Drives B2B Expansion




An Auth0 Customer Case Study

"Setting up our application to integrate with one partner and then having that partner act as a service hub for dozens of identity systems helps simplify work for our core development teams, while allowing our customer base to grow exponentially."
Cris Concepcion, Engineering Manager at Safari Books Online

OVERVIEW / EXECUTIVE SUMMARY

Safari, a subsidiary of O'Reilly Media, Inc., provides online and mobile access to a vast array of technical, business, and design resources, from books to training to videos. This unique learning portal has hundreds of corporate clients including Amazon, Tesla, Blizzard Entertainment, Yahoo! and Google, who purchase subscriptions to enable access by small teams or by users company-wide.

CONTENTS
- Overview/Executive Summary
- The Challenge
  - Stringent Customer and Technical Criteria
  - Build or Buy?
- The Solution
  - The Proof is in the POC
  - A Quick and Seamless Path to Mobile SSO
- Benefits
  - SAML Variations Made Easy with Auth0
  - A Collaborative Partner
- Conclusion: A Bright Future

Safari started out as a digital library platform focused on individual developers and corporate teams, with cutting-edge technical books and content drawn from a wide array of publishers aimed at accelerating developer productivity. As their offerings branched out to include more diverse titles for design, business, and strategy, and as software becomes central to nearly every business, Safari saw the opportunity to expand their user base into all levels of the enterprise.

The goal: package and deliver content for enterprise consumption, land larger deals and expand Safari's user base. Customers made it clear that enterprise single sign-on (SSO) is vital to this goal, and the company launched an initiative to add this feature to their product.

With SSO, corporate users don't need a registration process, nor do they need to set up separate user names or passwords. An SSO solution can also cut costs for both Safari and their customers by reducing or eliminating expensive support calls for password resets and user account management, a win-win. The rollout of a new enterprise client with more than 2,000 users provided the perfect opportunity for Safari to build out an initial SSO solution using Auth0.

THE CHALLENGE

Stringent Customer and Technical Criteria

With its emphasis on the B2B market, Safari needed a core single sign-on (SSO) platform that could easily be adapted to customers' preferred corporate identity technologies: Security Assertion Markup Language (SAML), Active Directory Federation Services (ADFS), Google Apps, etc.

SAFARI AT A GLANCE
- A wholly owned subsidiary of O'Reilly Media, Inc.
- Launched in 2001.
- A digital learning platform that offers 30,000 books, videos, training courses, and conference resources on technology, business, and design.
- Global presence with four offices worldwide.

With customers in regulated industries and the need to comply with the US-EU Safe Harbor Framework (a privacy policy agreement between the US and the EU), ironclad privacy and security was paramount. Safari's technical criteria included:
- Easy integration with Python/Django.
- Simple support for Android and iOS native mobile apps.
- Support for multiple SAML implementations, mapping attributes from customer Identity Providers (IdPs) to Safari user profiles.
- Role-based authentication workflows that guide users with specific roles to different content landing pages.
- Security and privacy safeguards that meet enterprise customer requirements.

Build or Buy?

At the outset, Safari considered building its own authentication service. Safari Engineering Manager Cris Concepcion and his team researched several open source identity and access management (IAM) and SSO technologies. This was a natural path to take, as Safari's parent company, O'Reilly Media, is a thought leader in OSS communities and the founder of OSCON, a popular open source conference.

Concepcion and his team soon realized that building their own authentication middleware would demand a lot of effort and expense. While researching options, Concepcion and his team discovered Auth0 through the company's open source SDKs on GitHub. After understanding the potential of Auth0's platform, the team embraced a decision to buy, rather than invest in building a solution from scratch.

Safari realized that building and maintaining their own authentication infrastructure would require one or two full-time engineering resources dedicated to support and customization. "I am proud of working with a bunch of smart people at an excellent company, but part of that excellence is derived from knowing what our core business is," said Concepcion. "Compared to the costs and resources required to build, host, and secure a custom solution, the investment associated with a third-party authentication service like Auth0 was a sensible choice."

THE SOLUTION

REALIZED BENEFITS
- Multiple authentication partners are supported quickly and easily and with minimal effort.
- Developers can define the workflow in one environment and have it work seamlessly on the Web or on mobile devices.
- IT can access logs and reports to troubleshoot customer issues.
- Rules-based workflows are supported to handle additional customer authentication requirements.
- Safari's B2B and B2C customers enjoy a secure SSO experience.
- The SSO process is simple and transparent to the user.
- The development cycle is short, thanks to outstanding support from Auth0.
- Safari has the potential for expanding its enterprise customer base and future customized applications for the mobile environment.

The Proof is in the POC

Safari's Proof of Concept used the Django OAuth toolkit to leverage OAuth2 for both authentication and authorization. Auth0 delivers a complete, compatible OAuth2 implementation right out of the box, and in the POC, Safari leveraged the Python Social Auth SDK they were already using. No additional coding was needed: the POC proved Auth0's simplicity and compatibility with Safari's existing software.

Safari's system handles B2C and enterprise users differently, routing logins by comparing the user's email to a known list of SSO email domains. If there is a match, Safari routes the request to Auth0 with the corporate account's connection string. Auth0 then authenticates the user to the enterprise IdP. When the user is authenticated, Auth0 routes the user back to the Safari system.

After the POC, it took Safari just three weeks to complete a pilot with a customer. The customer sent users to Safari from a corporate landing page rather than from the Web. The pilot users didn't have to log in to Safari if they were already logged into their company's system. Safari's SSO, enabled by Auth0, invisibly authenticated them and redirected them automatically to Safari's content with just a click.
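
The login routing described above, sketched as an added example (this is not Safari's or Auth0's code): the address typed at login is matched exactly against a table of SSO email domains, and a match produces a redirect to the Auth0 `/authorize` endpoint carrying that customer's `connection`. The tenant host, client ID, callback URL, connection names and function names are assumptions made for illustration.

```python
import secrets
from urllib.parse import urlencode

# Placeholders (assumptions): tenant host, client ID, callback URL and the
# domain-to-connection table are constructed, not Safari's configuration.
AUTH0_DOMAIN = "login.example.com"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
CALLBACK_URL = "https://app.example.com/sso/callback"
SSO_CONNECTIONS = {
    "corp.example": "corp-example-saml",
    "bigco.example": "bigco-adfs",
}


def email_domain(email):
    """Return the normalised domain of an address, or None if malformed."""
    if not isinstance(email, str) or email.count("@") != 1:
        return None
    local, _, domain = email.strip().partition("@")
    domain = domain.rstrip(".").lower()
    if not local or not domain:
        return None
    try:
        # IDNA-encode so Unicode lookalike domains become distinct xn-- names.
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def connection_for(email):
    """Map an address to an enterprise connection; None means B2C login."""
    domain = email_domain(email)
    # Exact match only: suffix or substring matching would let
    # "corp.example.evil.test" or "notcorp.example" select a customer's IdP.
    return SSO_CONNECTIONS.get(domain) if domain else None


def login_redirect(email):
    """Return (authorize_url, state) for SSO users, (None, None) otherwise."""
    connection = connection_for(email)
    if connection is None:
        return None, None
    # The caller stores `state` in the session and compares it on callback.
    state = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": CALLBACK_URL,
        "scope": "openid email",
        "connection": connection,
        "state": state,
    })
    # The typed email only picks the IdP; the account to log in must come
    # from the identity Auth0 returns, never from this form field.
    return f"https://{AUTH0_DOMAIN}/authorize?{query}", state
```
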
A Quick and Seamless Path to Mobile SSO

At first, Safari focused on SSO for corporate users accessing content from their desks. But users also like to read on mobile devices, so Safari also has powerful mobile applications on both iOS and Android, a major differentiator for the company in the B2B market.

The mobile development team quickly got up to speed, and mobile integration required only a few changes. "The Auth0 solution was used pretty much as is for our mobile implementation," said Concepcion. "It all came together within the timeframe that we expected, with no major surprises or roadblocks. Auth0 made it easy to provision new users right within our mobile app. There's no need for a user to go to the Web first to create an account and then download the app."

BENEFITS

SAML Variations Made Easy with Auth0

Auth0 stands apart from other SSO technologies, focused on simplifying a complex development process. Based on past experience, Concepcion noted that integrating SSO with a B2B customer's identity architecture could present technical and business challenges. "While there are standards for formats like SAML, the implementation of those standards varies widely. The more often you engage your core developers to support variations in your customers' identity systems, the slower you will be to sign deals and support the growth of your business," he said.

But Auth0 solved all that for Safari. The entire implementation, from Web POC to mobile implementation to the pilot, took less than two months. Concepcion attributes the rapid development cycle to the elegant way Auth0 handles variations in SAML.

Auth0 rules and mapping also provided Safari with a high degree of flexibility, making it easy to customize SSO for its customers. Auth0 can easily map SAML attributes to a standard format for email addresses. This allows Safari to use the customer data as is, making Safari much easier to work with as a Software-as-a-Service (SaaS) provider integrated with enterprise SSO.

"The combination of the rules and mapping capabilities in the Auth0 platform makes it easy for us to work with any data in any format. Best of all, we don't have to ask our customers to send data in a different format, and we can customize the SSO to meet their needs," remarked Concepcion. Rules also come in handy if customers want to monitor usage by logging user access to an application. Auth0 also makes it possible to redirect users to specified URLs after logout, such as a corporate homepage.

A Collaborative Partner

WHAT TO LOOK FOR IN AN IAM PARTNER
- Strong presence in the developer community
- Support for OAuth2
- Ability to support SAML variations
- Excellent support and follow-through
- Open, transparent, and forward-thinking

Concepcion appreciates Auth0's commitment to its customers, the collaborative spirit of its support team, and its responsiveness. "We are grateful for the help Auth0 provided while we were working through the initial integration points. The Customer Success team was always accommodating and made time for us when we had an issue," noted Concepcion. "Having Auth0 around to provide immediate answers to our questions saved our developers a great deal of time."

He found the whole experience quick and efficient, largely because the Auth0 Customer Success team worked side by side with the Safari developer team and truly spoke their language.

In one instance, a large Safari customer wanted to use their own signing certificate rather than use Auth0's certificate to validate the authentication flow, including SAML assertions. This was a feature not yet part of Auth0, but the company quickly jumped on this requirement. In a four-hour, three-way working videoconference between Auth0, Safari, and the customer, the new feature was implemented and verified against Auth0, Safari, and customer test environments. Additional tests proved that the SAML assertion signing was working correctly in production.

"Even if there is something Auth0 can't currently do, the company provides workarounds or implements new functionality. It was a very happy ending for all of us," said Concepcion.

CONCLUSION: A BRIGHT FUTURE

With Auth0 SSO as the service hub for dozens of identity systems, Safari's development team can now easily set up B2B clients with SSO and provision users. Currently, Safari has five enterprise accounts and thousands of active users on Auth0, and Safari has dozens of B2B customers that are transitioning to the new SSO capabilities, including enterprises wanting to scale up, engaging Safari's services companywide.

Safari recognized that implementing SSO was not just about landing more customers, but also expanding usage within existing customers. This insight was key to Safari's decision to invest in this strategy.

Concepcion is confident that SSO will have a positive impact on Safari sales. "There are definitely a lot of new customers that we will be able to bring in as a result of SSO. For any enterprise implementation, SSO is the key to making those deals happen," said Concepcion.

Looking to the future, Concepcion envisions the development of a broader family of mobile apps, including customized mobile apps that will enable corporate users to access a wider range of content, confident that Auth0 can handle these new use cases and help Safari accelerate their B2B momentum.

Auth0, Inc., 10777 Main Street, Bellevue, WA 98004. +1 888 235 2669, +1 425 312 6521, info@auth0.com, auth0.com
© 2015, Auth0 Inc. All rights reserved.