Checkr, a high-growth tech startup, is on a mission to increase fair chance hiring – that is, enabling equal hiring opportunities for all qualified applicants, regardless of their criminal background. Background check and screening solutions inherently require a great deal of sensitive personal identifiable information (PII) about candidates. “We have to take care of that information to build trust with the candidates and build trust with our customers,” explains Checkr’s Director of Engineering, Matt Palermo. 

The Checkr engineering team started small, but as they have grown, they have built on AWS and refined their security and development processes. With a goal to strengthen their end-to-end security posture, authentication became a core consideration. “Our expertise isn't authentication,” Palermo states. “We want to be proficient at it, but we don't want to split our focus between building an authentication platform and focusing on our core business at the same time.” 

In sharpening this focus, Checkr identified moving beyond their homebuilt username/password solution as critical to scaling up for best practices, specifically around generating and securing tokens, and providing different types of sign-in options and enterprise connections for customers.

Auth0 Platform “Checks All the Boxes”

While Checkr’s homegrown solution followed security best practices, the company recognized its limitations for performing at scale and found maintenance of both the solution and its supporting infrastructure too time consuming. To find a dedicated authentication provider, Checkr performed an analysis across its different requirements, such as available SAML, enterprise, and social connections, uptime and SLA guarantees, and the estimated amount of effort Checkr engineers would have to spend managing the solution. After looking at a range of options, Checkr found that Auth0 “checked all of our boxes”, according to Palermo.

With Auth0, Checkr has enabled a wider range of login methods for their customers depending on the size of the customer and use case. For example, smaller businesses that run a handful of background checks often use username/password or social logins via Google and Github. Mid-sized customers often authenticate via a partner, so the partner’s application is connected to Checkr. In cases where larger customers use their own identity provider, Checkr uses a SAML connection. Auth0 makes all these methods possible across the approximately 24,000 business user logins Checkr handles each month.

Additionally, deploying in a private cloud environment increases flexibility and security. For Checkr, the importance of data security means ensuring that their data does not get mixed in with anyone else’s data and being able to segment their data effectively. “Auth0 Private Cloud gives us extra peace of mind knowing that we are working with our own dataset, and we can have a bit more control over our SLA and uptime,” says Palermo. 

Checkr has also found flexibility helpful in other areas of Auth0. For example, they have internal systems that they need to connect to during authentication to find out whether a user exists in more than one place or system, which they have an Auth0 Rule setup to do. Another favorite feature is brute force detection, which allows Checkr to respond to anomalous activity. “We’re generally more aware of potential attacks,” Palermo confirms. “We've definitely caught some things and were able to take action before they caused any harm.”

Focus on Expertise Delivers ROI

Being able to devote the majority of the engineering team’s time to developing core services that influence the bottom line means that an external authentication provider more than pays for itself. Checkr engineering effort not spent on managing identity has been spent on developing new packages and screening services, and even creating an automated billing system that reins in manual effort and helps collect revenue more efficiently. The five-person team managing Auth0 internally does not need to be dedicated solely to Auth0, and can contribute directly to achieving business goals.

“We don’t have to think about how to structure identity – we connect to Auth0, and it just works,” Palermo explains. “We spend minimal engineering effort on Auth0 as opposed to the 15 to 20 full-time engineers we’d have needed to build and maintain our in-house identity solution. This would not have been cost-effective or sustainable.”

Moving forward, Checkr plans to continue leveraging Auth0 to support their internal teams as well as their customers.

“Auth0 is an industry leader, anticipating both the features customers want and security we need,” says Palermo. “We really value the proactive approach to threats and providing plug-and-play solutions so we don’t have to worry or spend a lot of time integrating. We can securely offer our customers what they need, and it will be easy for us to expand the possibilities with Auth0.”