Moneyfarm is among Europe’s largest online wealth management companies. Moneyfarm’s 50,000 customers trust it with over £1 billion in assets, and the company has earned that trust by providing a simple and transparent way to invest. “There is a lack of transparency in the market,” explains Moneyfarm’s senior engineering manager Alessandro Orrù. Moneyfarm is different because it’s accessible to customers “that either don’t have a lot of money to invest, or maybe they simply don’t have enough knowledge to invest.”

Like many startups, Moneyfarm began with a monolithic application that handled all of the company’s services. When Orrù and his team realized it couldn’t scale, however, they decided to pursue a microservices approach. 

One of Moneyfarm’s first priorities was to overhaul authentication. “We sell financial products. We don’t build authentication. We shouldn’t build authentication,” Orrù says. “Authentication is something that is very complex and shouldn’t be part of what we’re doing on a daily basis, in terms of spending developers’ resources. So we tried to figure out what products were available to replace our developers’ time and do something a lot better, a lot more secure.” They quickly decided on Auth0.

Two Days for Mobile Implementation

Moneyfarm signed on with Auth0 in 2018 and began transitioning all its customer authentication for both its mobile apps and website. On the web side, Moneyfarm used Auth0’s custom database feature to connect Auth0 with Moneyfarm’s legacy system, thus ensuring a seamless migration. "We had to deal with the transition between the two, but it was quite easy," Orrù says, "and that was really, really cool."

When it came time to transition authentication for Moneyfarm’s mobile applications to Auth0, Orrù says, “it was even simpler because all the connection with our user base was already there.” The entire process took only a couple of days, and Orrù credits Auth0’s software development kits (SDKs) and documentation with streamlining the process.

Fast implementation has enabled Moneyfarm to keep adding new Auth0 features, such as multi-factor authentication (MFA). “It took a couple of hours to have a working MFA prototype,” Orrù says, happily. The team also used Auth0 Rules to customize their MFA solution, allowing users to opt-in based on their personal preferences.

Auth0 Does the Work of Over Five Developers

Moneyfarm has roughly 30 developers on their team, and Auth0 allows them all to stay focused on building their core product. According to Orrù, “If we had to build MFA on our own, or Brute Force protection, I think we would have needed five, six, seven developers for running and building the project.” Those features are critical for a company that handles sensitive financial information and needs to be GDPR-compliant. “We simply don’t have enough working power to build something that is always on the bleeding edge for the security of the authentication,” Orrù says.

Auth0’s platform is also saving the team time on customer support. In the past, when users accidentally triggered Brute Force protection and locked themselves out of their account, it took Moneyfarm five minutes to unblock them. Those minutes quickly added up, with 10 to 15 support tickets per week. Now, the process takes seconds. “Finally, we have a solution to unblock users without having developers edit our database directly,” Orrù says. “They simply go in Auth0, look for the user and unblock them.”

Authentication Clears the Way for New Partners and Possibilities

Using Auth0 has freed Moneyfarm’s team to work on new projects, such as a collaboration with the Italian postal service, Poste. “The moment we signed with them and we started developing, Auth0 helped us a lot in allowing them to authenticate with our systems,” Orrù says. “If we didn’t have Auth0, we would have spent a lot of time building our own solution for that.”

Likewise, the team recently enabled PSD2, an EU directive that connects Moneyfarm’s app directly with users’ bank accounts. Explains Orrù: “What we can do with PSD2, is, for instance, start a wire transfer on behalf of the user instead of asking them to go to their bank and send us their money to be invested.” It’s a huge breakthrough for their business. “If we’d had to deal with rebuilding the authentication system, it would have shifted the priorities,” Orrù says. “It wouldn’t have been possible without Auth0.”