
How Lush Set Up Website Authentication in 1 Month With 2 Devs

A development roadblock transformed the cosmetics giant’s ability to deliver customer and employee services

About

Lush was founded in 1995 by 6 co-founders: Mo Constantine, Mark Constantine, Rowena Bird, Helen Ambrosen, Liz Bennett and Paul Greeves. It emerged from the demise of a previous mail order business called Cosmetics To Go, a massive success that collapsed through a combination of over-trading and flooding, and the same team created and inspired this new venture. The first shop opened in Poole, Dorset, where it still remains as the heart of Lush business ventures today.

Industry

Retail/eCommerce

Region

EMEA

When it comes to pursuing more ethical ways of doing business, cosmetics brand Lush is no stranger to pushing the limits. Founded in the 1990s, its commitment to sustainable, cruelty-free cosmetic production was an outlier in cosmetics and influenced the direction of the industry as a whole. In the process, it also grew into a £803 million business with operations in 47 countries.

Lush's firm “ethics-over-profit” approach applies to the digital side of its business as well — specifically in regards to data privacy. However, when it restructured its digital business using a microservices architecture, Lush found its existing approach to authentication complicated its ability to protect customers' data.

“We’ve solved so many business problems with a mix of technologies. But we needed a way to simplify the interactions our staff and customers had with those technologies without compromising security,” says Simon Ince, Lush’s creative technology and innovation lead. “We realized that creating a single sign-on (SSO) layer was the easiest way to do that.”

“We needed a way to simplify the interactions our staff and customers had with those technologies without compromising security.”

Simon Ince, Creative Technology and Innovation Lead

Homebuilt Authentication Hinders Lush’s Ability to Build New Features

Lush already had an internally built authentication system, but maintaining that system was a full-time job for at least two developers, which strained other parts of the business. “Our developers’ primary skill set is to build Lush-specific business logic into our systems. They often didn’t have the time to build new features the business requested because they were too busy maintaining fundamental parts of the system like authentication,” Ince explains.

Furthermore, even with all of the developer time the team dedicated to maintaining the in-house system, many within the company still questioned the security of that system. “While we haven't had any major data leaks, our home-baked solution had red flags all over the place for our internal data privacy team,” Ince says. “That posed a huge risk for us since ethics is the platform we've built our business on.”

“[Our developers] often didn’t have the time to build new features the business requested because they were too busy maintaining fundamental parts of the system like authentication.”

Simon Ince, Creative Technology and Innovation Lead

Lush Solves Authentication Roadblocks in 30 Mins With Auth0

Lush preferred to build their digital services in-house to ensure things were done ethically. However, the development challenges it faced made it question whether using open standards might be a better option — something they first considered while working on a feature request. “The business wanted us to build a chat system for customers to talk to staff members at their local store before they visited and we realized we needed a way for staff to log in,” Ince says. “However, at the time our authentication system was going through a rewrite and we didn’t know how the new system would function.”

With the development of the new chat system at an impasse, the team decided to use Auth0 to solve their authentication issue and keep the project moving. “We only had a couple of weeks left until launch, and we hadn't even figured out how to get the staff to log in,” Ince explains. “But literally, within half an hour, we had the authentication part of the project solved just by copying and pasting from Auth0’s documentation.”

“But literally, within half an hour, we had the authentication part of the project solved just by copying and pasting from Auth0’s documentation.”

Simon Ince, Creative Technology and Innovation Lead

Simplified Authentication Fuels Innovations for Lush

The success of the chat system project made Ince and his team wonder — if implementing authentication with Auth0 was really so easy, why wouldn’t they use it elsewhere? “Things really snowballed after the first project,” Ince says. “For example, when we revamped our website, our initial plan was to launch with guest checkout only. But with Auth0, two developers were able to add authentication to the site without changing our existing timeline or roadmap. Auth0 made the whole thing so easy for us.”

Within one month, Auth0 was integrated with the customer-facing website by just those two engineers. 

Auth0’s platform also helped Ince and his team centralize the point-of-sale (POS) system for the entire business — something they’d always hoped to achieve but had thus far been unable to do. “We've rolled a central POS out in the UK and in Germany. But the login piece had always blocked us from integrating with our business in other territories,” Ince explains. “Moving to Auth0 will help us do this much quicker.” And using Auth0’s Marketplace, Lush is exploring integrations that can solve other complex issues beyond authentication, such as OneTrust for consent management.

In the near future, the Lush team plans to use Auth0 to power other projects that will help them keep their focus on serving their customers rather than fiddling with technology. “We use a real mix of technologies in our stores to track stock levels, such as tablets, FOBs, and more,” Ince says. “Auth0 will make it really easy to connect all of this tech together, so our staff can pay less attention to these devices and focus more on customers.”

“... two developers were able to add authentication to the site without changing our existing timeline or roadmap. Auth0 made the whole thing so easy for us.”

Simon Ince, Creative Technology and Innovation Lead

About Auth0

Auth0, a product unit within Okta, takes a modern approach to identity and enables organizations to provide secure access to any application, for any user. The Auth0 Identity Platform is highly customizable, and is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.

9K+ enterprise customers

70+ countries with Auth0

24/7 support coverage
