Tyler Deren is a FusionAuth community member and a Lead Architect and Security Officer at Eduplaytion. He chatted with us over email about how he and his team are using FusionAuth to meet their auth needs.
This interview has been lightly edited for clarity and length.
Dan: Can you tell me a bit about ZanoCloud? What is the company’s mission?
Tyler: Eduplaytion is a Norwegian edtech company that develops the Numetry learning platform. Numetry is an interactive digital media application that teaches students mathematics as they explore a mysterious far-flung solar system.
We blend rich story-telling through animated cutscenes with math problems to make learning math fun for students aged between 8 to 12. Student progress can then be monitored and guided through a Teacher Tool that is available to faculty at partner schools and classrooms.
Dan: Fascinating! How did your company discover that a mysterious solar system was the best way to teach math?
Tyler: Haha, you’d need to ask the pedagogues that one!
I imagine though it has to do with engagement. Plop a kid in front of an educational video and they might fidget and be very disinterested. Plop them in front of Star Wars and they will be engaged and absorb all of the content!
Eduplaytion’s goal has always been to create incredibly engaging products that kids can sit down and absorb all of the material. Flying through a solar system, engaging in missions with full animated cutscenes and uncovering the mysteries of a distant solar system really helps keep kids engaged and focused: so much so they don’t even realize they are solving math problems.
We ended up choosing FusionAuth over other alternatives (primarily KeyCloak because of the exceptional documentation, and it checked all of the boxes we were looking for.
Dan: Tell me about your work as a lead architect and security officer at Eduplaytion.
Tyler: My day-to-day involves ensuring our systems are up, available and reliable, as well as developing new backend focused systems and API for both student and teacher use. Like many small companies, I wear many hats and do what is needed.
Dan: What would you say is your biggest challenge in this role?
Tyler: The biggest challenge is definitely balancing the many different hats, all while working with a (primarily) remote team.
Eduplaytion is in Norway and I am in Canada, but there are also developers down in Brazil. It’s never fun when there is a SEV during peak times in Europe (typically in the morning!), which is in the middle of the night for me here in North America.
So yeah, working with a tiny team means there is a lot of context switching and the largest challenge is managing those swaps while still being productive.
It is hard to say how much time and money FusionAuth has saved. Definitely months and months of manpower if we wanted to build out even a simpler IDP for our own use!
Dan: How do you use FusionAuth? OAuth? User management? Social sign-on? Something else?
Tyler: We use FusionAuth to seamlessly connect to the Norwegian federated identity service provider which is used in 95% of all schools in our target market.
Further, we also make extensive use of the FusionAuth Families API to connect students with parents and guardians, which is a key component of our B2C/consumer offering.
We also use FusionAuth’s Entity Management features to allow secure communication between different services in our backend.
Dan: I’d love to hear more about how you use the Families API? Can you share any more details about how it helps connect parents and guardians with students? Are you primarily using it for the data model? Do you use it for reporting or consents?
Tyler: There is some lengthy backstory here, but the gist is Europe is very progressive when it comes to data privacy and your rights to your data, which are all very good things.
The age of our audience falls below the minimum age of consent for data collection purposes in Europe. This basically means that in order to collect potentially personally-identifiable information on our users, we need a way to collect consent from the parent or legal guardian, and we do that through either the schools (which collected consent through the parents and/or guardian), or through the FusionAuth Families API.
We use the Families API to group users with a parent or guardian, and then have that parent or guardian provide consent on behalf of the student/user on our platform. Once that is done, we can then unlock all of our learning materials on our platform.
We decided we did not want the ongoing maintenance and overhead of developing our own identity provider when so many solutions existed.
Dan: What problems did we solve for you?
Tyler: We’ve been using FusionAuth since 2021.
During the evaluation process, we were looking for the following features:
- Self-hosted
- First class support for OAuth2 and OpenID Connect
- Support for SAML2
- Excellent documentation
- Primarily had a “code approach” to implementation
Dan: Why was self-hosting so important for you?
Tyler: When Numetry was being built, the EU-US Privacy Shield was struck down by European courts and there was a lot of uncertainty working with USA-based companies from Europe, especially if you were a company that handled a protected class of data (like children’s data).
So, we designed our platform to only use sub-processors that were entirely based in Europe, including working with a Swedish-based public cloud provider instead of one of the “big three”.
Self-hosting is part of that strategy to reduce our sub-processor list, which also improved the sales pipeline. When your primary customers are municipalities and/or school boards, they will be much more comfortable if their data is being sent to as few 3rd-party services as possible.
Self-hosting isn’t cheaper by any means, but it does provide tighter control over where that data does go.
Dan: How were you solving the auth problem before FusionAuth?
Tyler: Before FusionAuth, we had a custom written authentication/authorization service that handled our user accounts. This system was not built with OAuth2 flows in mind and was strictly email/password.
When we started integrating with the Norwegian federated identity provider, we had to make a decision on if we wanted to continue developing our own solution or migrate our existing users to a new solution.
We decided we did not want the ongoing maintenance and overhead of developing our own identity provider when so many solutions existed. So we started our evaluation process.
Self-hosting is part of that strategy to reduce our sub-processor list, which also improved the sales pipeline. When your primary customers are municipalities and/or school boards, they will be much more comfortable if their data is being sent to as few 3rd-party services as possible.
Dan: Why did you choose FusionAuth over the alternatives?
Tyler: We ended up choosing FusionAuth over other alternatives (primarily KeyCloak) because of the exceptional documentation, and it checked all of the boxes we were looking for.
The additional features it had, like Families API, are things we could see ourselves using (and we eventually did use!)
Dan: How much time and money would you say FusionAuth has saved you?
Tyler: It is hard to say how much time and money FusionAuth has saved. Definitely months and months of manpower if we wanted to build out even a simpler IDP for our own use!
Further, we also make extensive use of the FusionAuth Families API to connect students with parents and guardians, which is a key component of our B2C/consumer offering.
Dan: How do you run FusionAuth (kubernetes, standalone web app, behind a proxy, etc)?
Tyler: Currently FusionAuth is running on a public cloud by a Swedish cloud-provider. It runs as a Docker container and traffic is forwarded to it by a global load balancer.
We love sharing community stories. You can check out the Numetry website if you’d like to learn more.