Auth0 Platform “Checks All the Boxes”
While Checkr’s homegrown solution followed security best practices, the company recognized its limitations for performing at scale and found maintenance of both the solution and its supporting infrastructure too time consuming. To find a dedicated authentication provider, Checkr performed an analysis across its different requirements, such as available SAML, enterprise, and social connections, uptime and SLA guarantees, and the estimated amount of effort Checkr engineers would have to spend managing the solution. After looking at a range of options, Checkr found that Auth0 “checked all of our boxes”, according to Palermo.
With Auth0, Checkr has enabled a wider range of login methods for their customers depending on the size of the customer and use case. For example, smaller businesses that run a handful of background checks often use username/password or social logins via Google and Github. Mid-sized customers often authenticate via a partner, so the partner’s application is connected to Checkr. In cases where larger customers use their own identity provider, Checkr uses a SAML connection. Auth0 makes all these methods possible across the approximately 24,000 business user logins Checkr handles each month.
Additionally, deploying in a private cloud environment increases flexibility and security. For Checkr, the importance of data security means ensuring that their data does not get mixed in with anyone else’s data and being able to segment their data effectively. “Auth0 Private Cloud gives us extra peace of mind knowing that we are working with our own dataset, and we can have a bit more control over our SLA and uptime,” says Palermo.
Checkr has also found flexibility helpful in other areas of Auth0. For example, they have internal systems that they need to connect to during authentication to find out whether a user exists in more than one place or system, which they have an Auth0 Rule setup to do. Another favorite feature is brute force detection, which allows Checkr to respond to anomalous activity. “We’re generally more aware of potential attacks,” Palermo confirms. “We've definitely caught some things and were able to take action before they caused any harm.”
“Auth0 Private Cloud gives us extra peace of mind knowing that we are working with our own dataset, and we can have more control over our SLA and uptime.”

Matt PalermoDirector of Engineering