How Checkr Remains Focused on Core Business With Auth0
The leading background check platform scales identity best practices for business customers using minimal engineering resources
Checkr’s mission is to build a fairer future by designing technology to create opportunities for all. Our platform makes it easy for thousands of customers to hire millions of people every year. Using Checkr’s advanced background check technology, companies of all sizes can better understand the dynamics of the changing workforce, bring transparency and fairness to their hiring, and ultimately build a better future for workers.
Checkr, a high-growth tech startup, is on a mission to increase fair chance hiring – that is, enabling equal hiring opportunities for all qualified applicants, regardless of their criminal background. Background check and screening solutions inherently require a great deal of sensitive personally identifiable information (PII) about candidates. “We have to take care of that information to build trust with the candidates and build trust with our customers,” explains Checkr’s Director of Engineering, Matt Palermo.
The Checkr engineering team started small, but as they have grown, they have built on AWS and refined their security and development processes. With a goal to strengthen their end-to-end security posture, authentication became a core consideration. “Our expertise isn't authentication,” Palermo states. “We want to be proficient at it, but we don't want to split our focus between building an authentication platform and focusing on our core business at the same time.”
In sharpening this focus, Checkr identified moving beyond their homebuilt username/password solution as critical to scaling up for best practices, specifically around generating and securing tokens, and providing different types of sign-in options and enterprise connections for customers.
Auth0 Platform “Checks All the Boxes”
While Checkr’s homegrown solution followed security best practices, the company recognized its limitations for performing at scale and found maintenance of both the solution and its supporting infrastructure too time-consuming. To find a dedicated authentication provider, Checkr performed an analysis across its different requirements, such as available SAML, enterprise, and social connections, uptime and SLA guarantees, and the estimated amount of effort Checkr engineers would have to spend managing the solution. After looking at a range of options, Checkr found that Auth0 “checked all of our boxes”, according to Palermo.
With Auth0, Checkr has enabled a wider range of login methods for their customers depending on the size of the customer and use case. For example, smaller businesses that run a handful of background checks often use username/password or social logins via Google and GitHub. Mid-sized customers often authenticate via a partner, so the partner’s application is connected to Checkr. In cases where larger customers use their own identity provider, Checkr uses a SAML connection. Auth0 makes all these methods possible across the approximately 24,000 business user logins Checkr handles each month.
Additionally, deploying in a private cloud environment increases flexibility and security. For Checkr, the importance of data security means ensuring that their data does not get mixed in with anyone else’s data and being able to segment their data effectively. “Auth0 Private Cloud gives us extra peace of mind knowing that we are working with our own dataset, and we can have a bit more control over our SLA and uptime,” says Palermo.
Checkr has also found flexibility helpful in other areas of Auth0. For example, they have internal systems that they need to connect to during authentication to find out whether a user exists in more than one place or system, and they have set up an Auth0 Rule to do this. Another favorite feature is brute force detection, which allows Checkr to respond to anomalous activity. “We’re generally more aware of potential attacks,” Palermo confirms. “We've definitely caught some things and were able to take action before they caused any harm.”
“Auth0 Private Cloud gives us extra peace of mind knowing that we are working with our own dataset, and we can have more control over our SLA and uptime.”
Matt Palermo, Director of Engineering
Focus on Expertise Delivers ROI
Being able to devote the majority of the engineering team’s time to developing core services that influence the bottom line means that an external authentication provider more than pays for itself. Checkr engineering effort not spent on managing identity has been spent on developing new packages and screening services, and even creating an automated billing system that reins in manual effort and helps collect revenue more efficiently. The five-person team managing Auth0 internally does not need to be dedicated solely to Auth0, and can contribute directly to achieving business goals.
“We don’t have to think about how to structure identity – we connect to Auth0, and it just works,” Palermo explains. “We spend minimal engineering effort on Auth0 as opposed to the 15 to 20 full-time engineers we’d have needed to build and maintain our in-house identity solution. This would not have been cost-effective or sustainable.”
Moving forward, Checkr plans to continue leveraging Auth0 to support their internal teams as well as their customers.
“Auth0 is an industry leader, anticipating both the features customers want and security we need,” says Palermo. “We really value the proactive approach to threats and providing plug-and-play solutions so we don’t have to worry or spend a lot of time integrating. We can securely offer our customers what they need, and it will be easy for us to expand the possibilities with Auth0.”
Auth0, a product unit within Okta, takes a modern approach to identity and enables organizations to provide secure access to any application, for any user. The Auth0 Identity Platform is highly customizable, and is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.