Winning Playbook With Auth0
Auth0 was chosen as the identity platform for Bluetooth SIG. The platform was chosen not solely for technological capability, but also for state-of-the-art security, top-notch documentation, excellent customer support, and a superior licensing model that was a right fit for the organization.
The return on investment for Bluetooth SIG was measured primarily in opportunity cost. For every engineer that would have been tasked with building and maintaining the identity solution, would be an engineer taken off of working on a project core to the organization’s mission.
On the technology front, Auth0 met all of the needs of Bluetooth SIG. Having the capability is one thing, but the ease of integration cemented the choice for the engineering team. The organization already had various applications, both homegrown and SaaS, and Auth0’s modern identity solution was implemented on top of the existing technology without any code changes.
With Auth0, the team was able to integrate Single Sign-On (SSO) and modern authentication on top of the existing legacy implementation. This allowed the team to use their existing database of users which meant they wouldn’t need to inconvenience their members with password resets or downtime. This also allowed the engineering team to define a roadmap for migration that they felt comfortable with and fell in line with their plans for the future.
“Implementing the Auth0 identity solution took a single digit number of days versus the estimated months to build a solution in-house.”
– Jeremy Syme, Director of System Engineering
Bluetooth SIG needed an authentication solution they could have full confidence in both from a security and access standpoint. On the security front, Auth0 met the needs by providing a secure cloud based infrastructure that supported encryption, password hashing, and attack mitigation. Support for standards-based authentication protocols like OpenID Connect and OAuth 2 ensured that Bluetooth SIG would not experience vendor lock-in.
Bluetooth SIG needed a highly granular permissions system for their users. With various member levels and working groups across the organization focusing on different parts of the Bluetooth specification, it was important to get access control right. The organization already had a permissions system defined and Auth0 was able to use these existing roles and permissions seamlessly.
Top notch documentation played an important educational role for Bluetooth SIG engineers. Authentication and identity management are complex topics by themselves, but compounded with various standards and implementations it can be a daunting task to understand and implement correctly.
Auth0 provided quick start tutorials paired with real world code samples which allowed the Bluetooth SIG team to quickly build and experiment with different features and configurations. Actual code samples that could be downloaded and run were a key in helping the team understand how to put all the pieces together and how the real-world implementation would work for their platform. In-depth guides and blog posts provided additional knowledge on how-to’s and best practices for optimal security and performance.
Auth0’s licensing model was a perfect fit for Bluetooth SIG. Rather than charging a fee for every user each month as is typical in the SaaS industry, Auth0’s licensing model is based around active usage. This means that an organization using Auth0 only incurs a cost when their users actually log in.
The majority of Bluetooth SIG members fall in the Adopter category. Out of the 150,000 users, the majority typically log in a few times per year to get the latest documentation and standards released by the organization. A pay per user licensing model did not make sense in this regard. Paying for active users made much more sense.
Bluetooth SIG and Auth0 worked collaboratively to develop a proof-of-concept and showcase platform capabilities. After the decision was made to go with Auth0, the customer success team provided quick response times for questions and issues. Issues were resolved quickly and transparently.
A concern that the management team had with offloading authentication and user management to a third party was unexpected downtime. Auth0’s track record of transparency for incidents and downtime as well as community outreach helped put the management team at ease with trusting a third party with one of the key aspects of their platform.