announcements

The Developer-First Identity Platform – Auth0's Story and Future

A company retrospective and future vision from Auth0’s CTO and Co-Founder.

May 21, 20198 min read

Last week we had our annual offsite in Cabo, Mexico where we shared with all the Auziros where we come from and where we are going with our product. Yesterday, we announced our new funding and I wanted to share some of the same things we talked about last week.

A company retrospective and future vision from Auth0’s CTO and Co-Founder @woloski

Tweet This

The Beginning

When we started Auth0 in 2013, there were three important shifts developers were going through related to authentication and authorization:

  1. Identity becoming the ultimate firewall with software deployed in the cloud and widespread smartphone usage, and consequently, richer API emergence

  2. Developers picking best-of-breed platform and languages

  3. Password and data breaches becoming a much more prevalent threat

Suddenly, implementing your own authentication and authorization layer was not a great idea. Developers were confronted with software deployed anywhere; the user identity flowing throughout multiple services written in different languages/platforms; and the need to implement best security practices to prevent a breach.

Developer-First, Simple, and Extensible

Given the challenges inherent to building authentication and authorization, our strategy for the first few years was to build a platform for developers that would provide a simplified layer on top of this complexity. At the same time, when we started serving our first enterprise customers, we had to deal with last-mile integration issues and the need to customize the platform for their specific requirements. That was the driver to implement Webtask, our serverless runtime that provides built-in extensibility, in 2014 (even before AWS Lambda was a thing).

Auth0 first strategy was to build a developer-first identity management solution.

Our very first homepage had a clear message about making identity simpler for developers.

Auth0 makes clear that one of its goals is to make identity simpler for developers.

We spent a great deal of time building our resources and documentation for developers, not only for Auth0-specific usage but for identity topics in general. We found that there was a huge gap in knowledge, especially with the pace at which cloud computing was evolving, and the need for identity was increasing exponentially. We genuinely wanted to help developers.

After six years and thousands of articles, quickstarts, and guides, our blog is now read by more than 700,000 developers monthly around the world. From this number, 17,000 of them sign up for a trial every month.

After six years, Auth0's blog is now read by more than 700,000 developers monthly.

As we have dedicated the last six years to also continually improving our identity platform, one constant has been keeping it developer-centric and relying on our proprietary extensibility capabilities to service our customers’ every identity need. It is this simple, yet powerful, last-mile customization capability that makes us stand out. And it’s evident that our customers take advantage of it, with almost 87% of them extending our platform using serverless rules to achieve pretty much any use case you can think of.

87% of Auth0's customers extend the platform by using serverless rules.

Scale, Trust, and Enterprise Readiness

When we raised our Series A in 2015, we knew we had found our product market fit. We started to see more and more traction in the enterprise and were turning into a "real" company. With more enterprise customers needing our services and signing on as customers, we had to scale our product and organization.

Our focus then turned to scalability, trust and compliance, and enterprise readiness:

Auth0 is also focused on scalability, trustworthiness, and enterprises.

Midway 2019, Auth0 is a world-class platform that helps developers, administrators and end users to do their job simply and effectively, while offering unparalleled extensibility at every stage of the authentication and authorization lifecycle.

Inside the Auth0 engine

Download the high resolution image here

On the scalability front, we’ve had to go from 300 logins per second to 3,000. Today, we handle 2.5 billion logins per month, and have tens of million users registered, securing hundreds of thousands of applications.

Auth0 is currently handling 2.5 billion logins per month.

On trust and compliance, we’ve grown our Security and Compliance teams and have achieved important certifications, such as ISO 27001 and 270218, SOC 2 Type 2, HIPAA, and PCI.

Auth0 achieve important certifications, such as ISO 27001 and 270218, SOC 2 Type 2, HIPAA and PCI.

We made our product enterprise-ready, providing our customers with management tools like our Account Center; developing our Professional Services teams to help customers with the most complex scenarios implement even quicker; we started partnering with System Integrators and other developer-led companies like Twilio, Sendgrid, AWS, and others.

Auth0 made the product enterprise-ready, providing customers management tools and partnering with system integrators.

In these six years, we’ve created a new category: a developer-first identity platform that is simple to implement and easy to extend. On top of that, we scaled it and made it trustworthy. So, what comes next for us?

Our Vision

Since our inception, we’ve always believed in a single platform to solve all Identity and Access Management (IAM) requirements. We take a very different approach compared to what traditionally has been done in this industry. Developers, the "makers" of this new world, appreciate building blocks that are simple to integrate but that can adapt to different situations.

When we think about how our platform evolves, we want to take the simplicity and flexibility we’ve built for the developer to a new level. Providing end-to-end workflows for the different actors using our software:

Auth0 focuses on different actors, like end users, security teams, and administrators and IT professionals.

  • End Users: We are all end users of software on the internet. But many idiosyncrasies happen with authentication, mostly because developers are choosing between optimizing between user experience and security as a zero-sum game. We are creating a platform that unlocks this dependency allowing you to increase BOTH. Rather than forcing users to log into applications every single time they want to use them, we enable developers to improve the overall experience and keep customers secure at the same time. Previously, only large companies with extensive resources, with hundreds of dedicated engineers were able to achieve that perfect balance. We aim to democratize this and make it available to all developers in the world.

  • Security teams: Every company is a software company, which makes hiring security experts more and more challenging. CISOs are looking for ways to automate their jobs as much as possible with the end goal of protecting users’ security and privacy. We want to provide them with a single pane of glass that alerts them and self-remediates any sort of attack.

  • Administrators and IT Professionals: IT departments and business support comprise the backend of IAM. Their day consists of keeping all systems humming, often amidst a relentless barrage of inbound help desk tickets. They have to deal with things like getting audit logs for compliance, onboarding users to new applications, updating a SAML certificate that might have expired, assigning permissions to access an API, resetting the MFA of someone who lost their device, etc. Now, multiply that by the number of users and applications they have to deal with, and you can understand why it can be gruesome. We can decentralize and automate this work by providing out-of-the-box integrations and self-service tools to create an ecosystem where developers can easily implement those to reduce the resources and costs involved in fielding these requests.

We are building a single platform consisting of building blocks and out-of-the-box customizable experiences to solve use cases for all these people. Our vision is to provide people with secure access to any application in one-click or less.

Auth0's vision is to provide people with secure access to any application in one-click or less.

Tweet This

Our Guiding Principles

The one thing that stays constant, as we deliver on this vision, is our guiding principles. Providing a developer-first, simple, and extensible platform, is what makes Auth0 unique. Those differentiators lay on top of two foundational principles that we developed over the years: our scalability and trustworthiness.

Auth0 product pillars

</div></div>

When we think about solutions to the jobs these people above have; when we are answering a question to a customer; when we write a blog post; the whole product think about simplicity, extensibility, developer-first, scalability, and trustworthiness. If we are not holding the bar high on these principles, we want you to keep us accountable.

What’s Next

The new funding will give us more fuel that will be used to accelerate investment in all areas. To accomplish the vision we have, we will: grow our Product Engineering teams; continue to invest in our developer-led go-to-market strategy with our Marketing teams; continue to invest in our global expansion to sell our product everywhere; and continue to grow our security, trustworthiness, performance, and scalability practices.

What's next for Auth0 after this funding?

We are so thrilled with the support we have experienced thus far. With continued growth and global expansion, our mission and reason for existing will remain unchanged – to help developers innovate faster.

If you identify yourself with our vision and mission (and our culture), please, go ahead and apply to join us!