When you think about retail grocery, innovation might not be your first thought. With Norway’s Coop, however, innovation has been fundamental to their long-running cooperative. Whether it has been the cooperative business model itself, which gives its members a voice in how the business is run, leading the market in the 1940s with Norway’s first self-service store, or the introduction of Norway’s first self-scan store in 2018, Coop has embraced change that delivers value and convenience to its members. 

With longevity comes legacy, which creates challenges when implementing technology that facilitates improving member experience. According to Coop’s Head of Engineering, Adam Bell-Hanssen, “Coop has always tried to be on top of technology. Now we are shifting from traditional enterprise hardware to be more software and data driven. Inevitably the stack needs upgrading and new technology such as Kubernetes, Docker, microservices, zero-trust security, and token-based authentication enters the picture.”

As part of this digital transformation, Coop wanted to move to a cloud platform from their on-prem identity solution which was difficult to maintain and scale. The idea was to re-architect the entire landscape, which included re-engineering the Coop approach to identity management. As Bell-Hanssen explained, “We have key days during the year, such as Black Friday or the January sales, when traffic spikes reach up to 25 times the normal amount of traffic. At the same time, our old identity solution relied on token validation, which accounted for up to 85% of our traffic. We needed to move away from that, and also use the elasticity of the cloud to be able to scale up or down to meet demand without wasting resources or overloading the system.” 

Flexibility to Migrate One Client at a Time with No Downtime

Aiming for a scalable, easy-to-upgrade, and secure authentication solution, Coop selected Auth0 as a flexible identity service provider that would enable a gradual, one-client-at-a-time migration with no downtime. Auth0 allows for incremental migration while Coop continues to use their legacy identity platform while routing traffic through Auth0 using custom connections, which helps to make the migration risk-free. 

With a range of large clients, such as Coop Norway’s website and mobile iOS and Android apps, and several other smaller clients, such as food delivery, survey, and e-book platforms, among others, and a host of B2B partners, Coop wanted to ensure that migration would be seamless and virtually invisible for each of these kinds of clients without disruption. At the same time, Coop wanted to create a way to secure backend services, which were not secured before. 

“Running identity platforms is not Coop’s core feature,” says Havard Hvassing, Project Manager, Coop. “We add value to customers, but need a flexible identity platform to support that value-add process. With Auth0, we can get the most bang for our buck. We don't want to run a service that someone else can build and run infinitely with greater amounts of know-how.”

Automated Deployment for Zero-Click Ops

Coop wanted to automate as much as possible to move away from human interactions with tech operations. Configuring everything using the Auth0’s Management API enables zero-click ops for consistent infrastructure and less risk of misconfiguration. They use Terraform to automatically configure and set up tenants, eliminating the need for them to log in to the management dashboard. Whether they have five tenants or 50, they don’t want to keep track of this manually. 

“One area in particular Auth0 has been a great partner is automation – if we're not able to automate it, we're not going to do it,” says Hvassing. “Now, the client configuration is transparent, and using version control enables roll-back of configuration and replication of configuration between tenants and environments.”

Easy Multi-Factor Authentication and Excellent Support

Auth0 has enabled easy multi-factor authentication (MFA) login capabilities both for Coop and for clients. For Coop, Auth0 made the process of implementing MFA with BankID hardware tokens “trivial” –– the Coop team was able to set it up in one day.

For clients, login is frictionless because it’s a form of login and authentication that they are used to. But in the background, “we're migrating an IDP in a very complex backend system. There's a lot of legacy there. We're migrating this to a brand new system, and the customer never knows and never experiences disruption or downtime,” Bell-Hanssen states.

As Coop has worked with Auth0, they have consistently found value in its flexibility, finding a number of edge cases with which they extended Auth0’s functionality, but occasionally needed support from Auth0 Professional Services to perfect. 

“I'm quite impressed that the Auth0 team finds things out that I can't myself,” says Arvid Mildner, Backend Developer, Coop. “They are indeed professional with quick responses and really understand what I'm asking at a specific level.”