Articles on Identity Basics

Choosing between multi-tenant and single-tenant IDaaS solutions comes down to an organization's business objectives and requirements. Which trade-offs are you willing to make? Is security most important, or is cost your primary driver? Learn the differences here.

Signing up for accounts is something we're all familiar with. It's a gateway to the applications we want and need. But it's not really fun. Or pleasant. After all, we're signing up because we desire access to the application, not because we want to set up yet another username and password.

A slow migration can be an effective way to move user data when upgrading your auth system. Migrating each user when they authenticate lets you lower risk and decrease downtime. Additionally, such a phased migration requires less understanding of the legacy system.

IDaaS provides out-of-the-box capabilities enabling engineering teams to focus on building features valuable to business rather than spending time and resources on reinventing the wheel of securing application access. But outsourcing isn't as simple as it sounds. Vendor management is time-consuming and can introduce significant risks to the business if due diligence isn't performed.

Sometimes, despite a salesperson overcoming all your concerns or a landing page perfectly crafted to speak your language in every bullet point, there's a lingering fear that the product you're looking at just might not be what you're looking for. Everyone has experienced buyer's remorse at some point in their life, and most people I know don't want to go through it again.

Some auth providers make the source code for their solutions available and others keep their source code proprietary. Choosing one of these types of authentication providers over the other is not always a cut-and-dried decision. Support, release frequency, relicensing capability, maintenance, who is responsible for security, and cost are all factors you should consider.

Auth is a necessary part of any software product, but how you implement auth is not necessarily always the same. Careful consideration is needed, because your decision to outsource will not only impact speed of development, but also long-term product maintenance.

Authentication is an integral part of your application, and as such the acquisition of your auth vendor isn't like other acquisitions. When it happens, who knows what might change? Will your new provider give you the same support? Pricing? Integration options? All of these might change for better or for worse. Learn about possible changes and how to mitigate the risks.

Learn the various types of authentication systems: DIY, drop-in and full-fledged. Each of these has advantages and limitations and might suit your application in different ways. How can you choose?

As companies and users engage in more online transactions and digital services, businesses must take greater measures to confirm a person is who they say they are. Identity proofing verifies and authenticates the identity of legitimate customers to prevent fraudulent users from accessing your data.

SCIM is a standard for transferring user data from one system to another. SCIM allows you to share users between datastores in a secure, automated fashion. Learn more about SCIM, how it works, and why you might need it.