This week, Auth0 was acquired by Okta, the largest company in the Identity & Access Management space. After being founded in only 2014 and sold for a cool $6.5 billion, this is yet another example of how technology is increasingly being adopted by developers and finding it's way into the business in a bottom-up fashion.
What Is Identity & Access Management?
Many of the applications which you use or develop will be protected with username and password access. The username represents your individual identity, which will control how you are allowed to use the system and the data that you have access too, and the password of course controls your access to that identity.
It may seem that developing a username and password function is simple, but in reality there is a lot of effort and complexity to this. Not only do you need to implement the login feature, but also the logouts, password resets, multi-factor authentication, social logins and the ability to disable users to name just a few. Being authentication related, all of this needs to be developed securely, which is a skill in itself.
At an enterprise level, businesses also need to control access across an entire portfolio of applications, ensuring that the right people in the right job roles have access to the right systems. Technically, this will often mean that we need to develop integration between applications, internal directories and single sign on systems so that these things can be controlled and audited centrally. This is further development which needs to take place, none of which really adds value to your users.
Whilst implementing Identity & Access Management does require lots of work and complexity, it is a task which overlaps greatly from application to application and organisation to organisation. Therefore, there have been a number of solutions developed which provide this through either on premise software deployment or more recently as a service.
Example products in this space include Ping Identity and Okta. Both of these products and organisations started life and still punch hardest in the enterprise space, where the task is to protect thousands of applications and tens of thousands of users in a secure, controlled and compliant way. And historically they have done a good job at this, jointly protecting billions of user accounts.
The Auth0 Approach
Rather than focus directly on enterprise, the Auth0 approach and their ultimate success was very much to focus on winning developer mindshare with a bottom-up adoption and sale.
Auth0 allows developers to drop in the identity and access management features directly into their applications, avoiding all of the development work whilst ensuring a secure implementation. The experience for developers is very good, and the frontend highly customisable so that security can be implemented without restricting their user experience. All of the documentation, guides and presentation are also oriented towards developers, and the business is very culturally aligned and tuned into the development community.
For all of these reasons, developers have flocked to Auth0 as their preferred solution for Identity & Access Management.
In addition, whereas the competition are very enterprise focussed in their approach, Auth0 is much more consumer focussed. For instance, rather than being the technology by which enterprises secure their internal line of business applications, Auth0 has historically more naturally been at home when used in websites and mobile applications aimed at consumers.
Ultimately, Okta have concluded that these are both trends they need to buy into in todays developer led and digital world.
What Can We Learn From This?
As technology leaders, the success and rapid adoption of Auth0 shows how new technology is increasingly entering the organisation through developers, who are consuming SaaS services and baking them into their applications. Of course this brings risk and governance considerations, but also shows how companies need to change to allow and support this innovation if they are to remain competitive.
The success of Auth0 also shows how enterprise IT is being turned inside out, taking previously internal line of business applications and data, and exposing this outside of the business so users and consumers can interact with it through digital channels. This is the flip side of consumerisation of enterprise IT, where we are taking enterprise IT and enabling it for direct use by customers.
Finally, this is of course another example of the rapid digitisation of the world economy, where companies are building more web and mobile applications. Intelligent consumption of developer accelerators and SaaS services like Auth0 is really necessary to get to market quickly and remain competitive.