Middle ground: we avoid writing the authentication piece, instead federating with our customers' IDPs (typically AzureAD, Office365, Google - nobody has asked for Github or social media yet...) for identity assertions, which we authorize locally in a gateway so we can enforce our licensed features. Major wins: no more password reset calls to our helpdesk (250+ per day before this), user access control remains with the customer so their starters/leavers processes work smoothly, no more complex user management stacks in every product (50% of the codebase, I reckon, across the business!)

As we support a number of diverse products with this SSO solution, the gateway also provides a nice isolation point between customer IDP weirdness and internal services, avoiding every product having to support every weird IDP.

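As an added illustration of the gateway pattern described in the comment above (not code from the commenter or their product): a minimal Python check that accepts an identity assertion from a per-tenant IdP, pins the issuer to the tenant, and only then applies local licence policy. The tenant names, issuer URLs, audience and the HS256 shared secret are constructed for offline use; a real gateway would verify the IdP's RS256 signature against its published JWKS.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared with the fake IdP below. Assumption for offline use:
# a real gateway fetches the IdP's JWKS and verifies RS256 signatures instead.
DEMO_SECRET = b"constructed-demo-secret"

# Gateway-local trust and licence data (hypothetical tenants, issuers, features).
TENANTS = {
    "acme": {"issuer": "https://login.example-idp.test/acme", "features": {"reports", "export"}},
    "globex": {"issuer": "https://accounts.example-idp.test/globex", "features": {"reports"}},
}
AUDIENCE = "our-gateway"   # the client_id the IdP was told to issue tokens for

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims: dict) -> str:
    """Stand-in for the customer's IdP: sign an ID-token-shaped JWT with HS256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(DEMO_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def authorize(token: str, tenant: str, feature: str, now=None) -> tuple:
    """Gateway decision: verify the assertion first, then apply local licence policy."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
    except ValueError:
        return False, "malformed token"
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":        # never let the token choose the algorithm
        return False, "unexpected alg"
    expected = hmac.new(DEMO_SECRET, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(body_b64))
    policy = TENANTS.get(tenant)
    if policy is None or claims.get("iss") != policy["issuer"]:
        return False, "issuer not trusted for tenant"   # rejects another tenant's IdP
    if claims.get("aud") != AUDIENCE:
        return False, "wrong audience"
    if claims.get("exp", 0) <= now:
        return False, "expired"
    if feature not in policy["features"]:
        return False, "feature not licensed"            # identity fine, licence says no
    return True, f"{claims.get('sub')} may use {feature}"
```

The licence check is deliberately the last step, so a token that fails identity checks never reaches tenant policy.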
