How to mitigate risk when your auth vendor gets acquired

What risk mitigation steps can you take when your auth vendor is acquired?


Published: June 22, 2021

Authentication is an integral part of your application, and as such the acquisition of your auth vendor isn’t like other acquisitions. It could mean many things for your business, and you’ll have to decide how to respond accordingly.

This blog post is an excerpt from What to Do When Your Auth System Vendor Gets Acquired.

Will your new provider give you the same support? Pricing? Integration options? All of these might change for better or for worse.

While clearly an acquisition is cause for concern, it might not be all bad. In this article, we’ll examine how to mitigate some of the issues that arise when your auth system vendor is acquired.

Review your contract

Not the most exciting first action, but it’s important to know what changes your auth provider can make. Find the contract you signed with your vendor and review it.

It’s also important to think about how this contract might be expected to change. Get clarity and get yourself ready.

Review your usage

Take a close look at how your business solutions integrate with and use your auth vendor’s services right now. Figure out the features you use that are absolutely crucial and which of them are proprietary features.

Are they following standard auth protocols? How many of your apps are using this vendor? At a minimum, answering these questions will keep you well informed should you need to migrate to another vendor.

Talk to your account manager

It’s time to talk to your account manager about your business relationship. Give them a call or an email and try to negotiate a long-term contract that will protect your business interests and guarantee a level of stability. The research into the contract you did previously? Now it the time to reference it.

Don’t forget to ask about migration timelines while you’re at it, so you know how soon you need to be prepared and for what changes.

If you don’t have an account manager, send an email to the sales or support team. They may send you elsewhere, but are a good starting point.

Evaluate What It Would Take to Switch Vendors

Budget dev team time to look into other options in case it becomes necessary to move. Discuss the possibility with your partners or stakeholders, touching base with everyone you discussed the issue with during the initial decision process, so that everyone understands what it would take to make the switch.

Even if you stick with your vendor through the acquisition, at least now you know more, and you’re prepared for whatever comes afterward.

Consider Impact to Current or Planned Projects

There’s never a perfect time for a huge change to your auth system. What current projects will be impacted, for better or worse? Do you have projects in the planning stage that will have to be reimagined due to new standards or a different set of features?

It’s best to discuss this with your stakeholders, again so that everyone is on the same page and has consensus about priorities.

Consider Other Options

If the changes are disruptive enough, you may decide you don’t want to use third-party solutions anymore. You have a few other options:

  • Use a non SaaS solution: SaaS solutions are great, but if you use a non-SaaS solution, where you host it yourself, you have far more control over any changes to functionality. You may have to upgrade for security or contractual reasons, but you’ll be able to do it on your timeline, not the acquirer’s. FusionAuth can be self-hosted and has a community version that is free for unlimited users.
  • An open-source solution: You’ll still have to manage your own source code. You’ll just be using a free and community-driven solution like Gluu, Keycloak, or OpenIAM. Your team will have to explore these projects and choose the one that works best for your system.
  • In-house custom build solution: In some rare cases, none of the available solutions will be a good fit for your organization, and you’ll decide to build a custom auth system for your product. This will require more resources to achieve but of course, when completed, you’ll have a solution that works best for you. Further, such a choice can be fine-tuned with more features in the future at your will (and expense)—something you won’t get anywhere else.

To learn about more about vendor acquisitions, such as short-term and long-term benefits and risks, read What to Do When Your Auth System Vendor Gets Acquired.

More on market

Subscribe to The FusionAuth Newsletter

A newsletter for developers covering techniques, technical guides, and the latest product innovations coming from FusionAuth.

Just dev stuff. No junk.