From Zero to Fortune 500: How Promptfoo Deployed Enterprise AI Security in One Week

Learn how Promptfoo, an AI security startup, deployed enterprise-grade authentication for Fortune 500 customers in just one week using FusionAuth. From 3 to 12 enterprise clients with complex SSO, SAML, and on-premise requirements—all managed by a single engineer.

Published: December 8, 2025


“I did not want to spend the next three years of my life or my engineering team’s life continually rushing to support different single sign-on setups… I just did not want to build basically what you have already built.”

Michael D’Angelo, CTO and Co-Founder, Promptfoo

About Promptfoo

Promptfoo is a security company that specializes in red teaming and offensive security testing against LLM-powered chatbots, agents, and RAG systems. They help enterprises identify vulnerabilities in their AI applications and fix those vulnerabilities so they can deploy LLM-powered applications in production with confidence.

Founded by AI security experts, Promptfoo serves an elite customer base of Fortune 1000 and Fortune 500 companies (enterprises whose names you’d recognize driving down the highway). They serve massive organizations with stringent security requirements and complex deployment needs.

The Challenge

As Promptfoo prepared to onboard their first enterprise customers, CTO Michael D’Angelo faced a critical decision that would impact the company’s ability to scale. With signed contracts from 2-3 Fortune 500 companies and deployment deadlines as tight as three weeks, Promptfoo needed an enterprise-grade authentication solution immediately.

The challenges were particularly acute given their customer base:

  1. Enterprise SSO Complexity: Each Fortune 500 company had unique single sign-on requirements: different SAML configurations, varying OIDC implementations, custom claims, and SCIM support needs.
  2. Multiple Deployment Models: Promptfoo needed to support both cloud and on-premise deployments, with 80-90% of their enterprise customers requiring on-premise installations, including air-gapped environments.
  3. Role and Team Mapping: Enterprise customers with 5,000+ users needed sophisticated role and team mapping from their identity providers to Promptfoo’s application.
  4. Time Pressure: With the first customer deployment in just three weeks, there was no time for a lengthy implementation.
  5. Small Team Reality: As a startup with just three engineers at the time, building and maintaining authentication infrastructure would divert critical resources from their core product.

D’Angelo, having built single sign-on integrations for Fortune 500 companies before, understood the complexity ahead:

“I know how these integrations go. This isn’t my first time building single sign-on that has to integrate with the Fortune 500, and I know the complexity and how different every environment is.”

Why FusionAuth?

After evaluating authentication solutions, Promptfoo selected FusionAuth for several reasons:

1. Complete Enterprise Feature Set

FusionAuth was the only solution that met all of Promptfoo’s requirements without compromise:

“You guys were the only ones who had a mature offering that met all those deployment needs.”

The non-negotiables included:

  • SAML v2 and OIDC support
  • Cloud-based, on-prem, and air-gapped deployment capability
  • Multi-tenant cloud support with proper isolation
  • MFA and future passkey support

2. Unified Code Path Across Deployments

FusionAuth’s architecture allowed Promptfoo to maintain a single codebase for all deployment models:

“We don’t have two different routes, two different code paths for on-prem and cloud. It’s literally the exact same code path, which is amazing… to just be able to build that once and it works in whole different environments.”

3. Flexibility Through Lambdas

The Lambda functionality proved crucial for handling complex enterprise requirements:

“By using the lambdas and being able to… write whatever glue code I need… They’re like, ‘Oh, can you support these claims or can you support these properties?’ I was like, ‘Yes,’ because I knew we could just write the code and it would work.”

4. Exceptional Debug Capabilities

FusionAuth’s detailed logging and debugging tools accelerated implementation:

“One of the things I think that is extremely helpful that you guys nailed is the debug logging where you can see the detailed stuff every step of the way… it tells you what’s wrong. So it’s like, ‘Oh, this redirect URI is missing, you have a CORS issue.’”

5. Startup Agility

As a startup needing to adapt quickly, FusionAuth’s flexibility was essential:

“In our case as a startup, one of the things is being able to just adapt quickly. We don’t know what anything’s going to look like in two or three months, so I couldn’t buy a product that just does one thing.”

The Implementation

Promptfoo’s implementation showcased the power of FusionAuth’s architecture:

Deployment Architecture

  • On-Premise Customers: Each customer receives two Docker containers—Promptfoo’s application and a small wrapper container around FusionAuth
  • Cloud Customers: Multi-tenant implementation using FusionAuth Cloud
  • Air-Gapped Environments: Same deployment with network isolation enabled

Implementation Timeline

The entire implementation took just one week—meeting their aggressive three-week deadline for the first customer.

Role Mapping Solution

Using FusionAuth’s Lambdas, D’Angelo built a generic solution that could adapt to each customer’s unique requirements:

“I did the most generic implementation on our app, and then I was like, it doesn’t matter. I can just write whatever glue code I need.”

This approach allowed one engineer to support five different identity providers, each with their own role and team mapping requirements.

Results and Impact

Rapid Customer Growth

From 2-3 initial customers, Promptfoo has grown to 10-12 paid Fortune 1000/Fortune 500 customers:

“We’re up to 10 or 12 paying customers… We don’t have a ton, but the ones we do are massive.”

Engineering Efficiency

With just one engineer managing all authentication:

“It is just me right now… I’m trying to get the team up and running on it and onboarding.”

This efficiency allowed Promptfoo to scale from 3 to 6 engineers (with plans for 8) while maintaining focus on their core product.

Zero Authentication Roadblocks

FusionAuth enabled Promptfoo to say “yes” to any enterprise authentication requirement:

“The idea that we could just buy FusionAuth and know that we were able to say yes to basically whatever… to me was one of the driving factors.”

Exceptional Reliability

The implementation has been so stable that support interactions are minimal:

“Everything’s just worked, which has been awesome.”

The Future

As Promptfoo continues to secure AI applications for the world’s largest enterprises, FusionAuth remains central to their growth strategy. The flexibility to adapt to new requirements ensures Promptfoo can focus on their mission of making AI applications safe for production use.

Key Benefits

  • One-Week Implementation: From decision to production in just seven days
  • Single Codebase: Unified architecture across cloud, on-premise, and air-gapped deployments
  • Enterprise Ready: Support for any SSO configuration Fortune 500 companies require
  • Engineering Focus: One engineer managing auth for all customers, freeing the team to build core features
  • Infinite Flexibility: Lambdas enable custom solutions without rebuilding authentication
  • Proven Scale: Successfully serving Fortune 1000 companies with 5,000+ users each
  • Future-Proof: Ready for MFA, passkeys, and whatever comes next

D’Angelo’s final assessment captures the value FusionAuth delivered:

“We could not be happier with the decision we made. You guys delivered everything… It is one of the best decisions we made because it solved all of these problems that we needed and continues to. So very, very happy over here with everything.”

For security companies and startups serving enterprise customers with complex authentication requirements, Promptfoo’s success demonstrates how FusionAuth can transform authentication from a development burden into a competitive advantage.
