Positioning based on completeness of vision and ability to execute
As Auth0 debuts in the June 2018 Gartner Magic Quadrant (MQ) for Access Management in the Visionaries Quadrant, we sat down with identity expert and Auth0 Principal Architect Vittorio Bertocci and Dir. of Product Marketing Story Tweedie-Yates to talk about Auth0’s immediate vision for identity and where they think the market is heading.
What does it mean to you to have Auth0 named to MQ’s visionary quadrant?
VITTORIO: Auth0 has taken an alternative approach to identity since its inception in 2013, adapting to industry trends and customer requirements with speed and flexibility. The enterprises we work with experience these benefits through a strong ROI — and a satisfied internal development team.
Traditionally, identity has focused mostly on identity administration, but my good friends and Auth0 founders, Eugenio Pace and Matias Woloski, saw a need in the areas of identity development, extensibility, and programmatic integration as these areas were still far too difficult. They deliberately created integration options and extensibility for any identity use case — B2B, B2C or B2E — while also targeting the sorely underserved developer market. This focus created an identity platform that could assist in all identity use cases, not just those interesting to administration and IT. Those previously underserved areas are where Auth0 truly excels. In my opinion, our placement reflects Auth0’s ability to help our customers move beyond their previous limitations.
STORY: In terms of how we feel for ourselves as well, it always takes some time for ‘word on the street’ to grow around a new approach to what everybody had thought was a known set of customer problems. Auth0 believes placement in the visionaries quadrant validates our ability to help our customers solve their most complex identity challenges.
Can you talk about what the term ‘visionary’ means to you with regards to identity? What does the future of identity looks like to Auth0?
STORY: Take the idea of a database or a [customer relationship management] CRM system. Developers used to code their own databases and CRM systems … and then they began to outsource it to experts so that those same developers could focus on tasks more specific to their business’s core value proposition.
We believe that identity is going the same direction as databases and CRM systems. Every company is a software company writing their own apps, whether internal, for end-users, or for use with business partners. Where there are apps, there is a need for identity. And it’s making more and more sense to have experts take care of identity.
As the technology landscape continues to change at lightning speed and cybersecurity becomes even more of a concern, identity will become more complex and necessary all at the same time. Hence it will be more and more important that it is being handled by an expert.
VITTORIO: As data and algorithms play an increasingly central role in our lives, identity (people’s and machines’) becomes the linchpin around which more and more critical decisions will be made. The future belongs to the platforms and solutions that will best empower companies and individuals to see and act on opportunities and threats. That will entail a level of adaptability and flexibility that can only be achieved by leveraging human and machines respective strengths.
What does disruption look like in the identity space?
VITTORIO: What’s disruptive in identity is ease. Making it faster and easier for our customers to get to market with applications with swift logins allows for greater personalization of the user experience and ultimately provides them with revenue streams from new customers.
Historically, Identity is a difficult and lengthy challenge that requires a great deal of support from professional services teams. So anything that slices the time to implementation as well as the need for professional services is a massive and positive disruption for our customers who urgently need to get new applications to the market.
Our customers are competing hard in their respective markets with new apps ushering in new customer value, so anything that allows them to customize identity in their product offerings helps them to compete.
So for example, we use the term ‘extensibility’ to describe this customization capability but it’s basically the idea of being ‘API-first.’ So anything that has an API can be plugged into the authentication flow to make personalization — and any kind of customization — possible. At Auth0 we make this customization possible through a feature called Rules. For example, we have customers with both business customers and end-users signing into the same app. They use the Auth0 Rules function to route these users differently through the authentication process for their app.
Auth0 also speeds our customers’ time-to-market with SDKs and pre-built integrations for third-party identity providers, as well as quick configurations for inbound federated authentication and SSO. As Gartner picked up in their report, for Auth0 this includes options for customers' private identity providers, social networks and national ID frameworks.
STORY: I would just add here that customization feeds into the idea of being able to connect into other tools in a customers’ infrastructure, which can be a disruptive capability for our customers. It’s about staying agile, and ensuring that what you add into your infrastructure today will work with the changes that you want to make tomorrow. Being able to integrate on the back-end is just as important in supporting revenue goals, based simply on saved costs and getting the value out of your investment in identity.
How would you compare Auth0 to other solutions in identity?
STORY: Our beginnings — making things easier for developers — is reflected in how we help customers’ best challenges today. For example, we didn’t start out in identity specifically through one use case — B2B, B2C or B2E. We started with the idea of an identity platform that could solve all identity use cases. It is very rare to have a customer only using Auth0 for one use case.
The difference between Auth0 and other platforms becomes most apparent when the going gets tough. The most complex identity challenges are the ones we love.
Vittorio mentioned the idea of professional services before — we don’t typically rely on large professional services engagements to get up and running. This is something I think is important to emphasize as a differentiator because having a permanent reliance on professional services for identity will have a big impact on any customer’s pocketbook as well as team dynamics.
Our offering is also flexible. That means that, besides offering our solution in our public cloud, we can deploy it in a private cloud (controlled by us, Auth0), or in a private cloud (AWS only) controlled by the customer. Also, we can connect to any of your applications whether they are on-premises, legacy, or in the cloud. This provides customers with a level of certainty in the value of identity for their future business that is simply not possible with competitors who don’t provide the same level of optionality.
From a technical implementation standpoint, is there anything you feel merits a bit more discussion due to its business impact?
VITTORIO: I could talk about our strong standards-based approach to identity. For example, the concept of direct support for legacy web applications requiring proprietary HTTP header authentication techniques.
There are moments when it makes sense for our customers to continue working with a legacy system because, for example, it’s simply too costly to migrate it to something more modern at the moment. Our approach to legacy systems allows customers to do this without sacrificing security.
With Auth0, modern authentication can be added to any legacy web application without modifying any code, by adding an OpenID Connect Module to the web server and configuring it to use Auth0’s OIDC-conformant endpoints. [We have guides on how to integrate Auth0 with Apache and NGinx, which are the two most common web servers, but the same applies to any server that has an OIDC-conformant module.) The idea is to remove possible points of failure or inconsistency that working with legacy systems might bring. Any point in your identity deployment that is not running a current standard is a potential outlier that makes for more opportunity for something to break or become a weakness. Our approach attempts to make your exposure consistent and remove any holes by creating a way to connect a legacy system through a modern protocol. For those who simply have to rely on legacy applications, this is just one example of our how our emphasis on the most modern standards might differ from the competition.
Is there anything else specific you would point out around technical implementations of identity capabilities?
VITTORIO: I guess one other thing I could say is that, when it comes to the B2E use case, many times our customers want to do things like SSO into 3rd Party Applications even with Social or Database Connection logins. They also want to authenticate with custom apps, so for example they can use a CRM database as an identity provider. These are implementations we support. Although the report doesn’t go into depth on workforce use-cases, this is something we see quite often with customers.
STORY: I would just add that the reason these capabilities are important is they give customers flexibility to do what they need at the moment, regardless of their current set-up. This relates to what we talked about in terms of disruption in identity and helping customers be more agile and get immediate value out of an investment in identity for their applications.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.