How the NHS Leadership Academy is scaling with Auth0
Unifying identity across four nations and over 200 trusts

Leaving the legacy platform behind
The first version of the NHS Leadership Academy used the Ruby on Rails framework, with other functionality imported from third-party e-learning and CRM platforms. Single Sign-On (SSO) was absent, because as Vardhan explained, it proved challenging to integrate with other applications.
“As it aged, it became harder to maintain. It didn’t follow any of the industry authentication and authorization standards. We found it tough to integrate the vast suite of applications and sites that comprise the NHS Leadership Academy,” she said.
This was a serious problem. Throughout England and Wales, the NHS is organized across more than 200 “trusts.” These are responsible for delivering services in a given area and enjoy a high level of autonomy in the technology they use.
“Every NHS trust is different and there’s a lot of legacy technology at play,” she said.
For the rewrite, the NHS Leadership Academy standardized on the popular Laravel framework. As most of the other frameworks used in the Academy were written in PHP, it made sense to pick a PHP framework for the core application.
Laravel offers advanced authentication features, including Microsoft Active Directory (AD) compatibility. These were extended with the Auth0 Platform, helping them secure long-term scalability and improve developer efficiency.
“Now we can iterate our product regularly. Our team can devote their time and energy to the development of our core products and services. We don’t have to worry about identity.”
- Ishani Vardhan, Digital Delivery Lead
Faster iterations and less maintenance
As a public sector organization, the NHS vets all prospective purchases to ensure security, value-for-money, and compatibility with existing tools. The path of least resistance is always to pick a pre-approved product. Despite these challenges, the NHS Leadership Academy had a solid business case to procure Auth0 as its new identity provider.
“You have to make a formal business case. This is good governance, but it’s time-consuming. We created user stories and cost-benefit analyses showing what we’d do with the product and accounted for every penny. It was a lot of work,” said Vardhan.
It took five months to get the green light to procure Auth0, but it was worth the wait. In the years since its deployment, the NHS Leadership Academy team has already seen tangible benefits. They can dedicate more time on the core product, while spending less time on maintenance.
“We wanted to leave authentication to an IDaas platform. Identity is complicated. It simply isn’t something we handle on a day-to-day basis. Auth0 had all the features, tooling, and security assurances that we needed,” Vardhan said.
“Now we can iterate our product regularly. Our team can devote their time and energy to the development of our core products and services. We don’t have to worry about identity,” she added.
Reduced support calls, improved developer happiness
From day one, Auth0 allowed the NHS Leadership Academy team to accelerate their timelines and implement advanced authentication systems.
“Auth0 makes it so easy to handle authentication. The APIs are well-built. It has libraries for all the frameworks we use. It’s so incredibly developer-friendly,” said Vardhan.
“Our DevOps engineers were quite happy to onboard Auth0. It made it so easy to integrate new apps into the core product, build custom authentication flows, add branding, and migrate accounts from our legacy platform. We’ve also seen a gradual decrease in support calls [about access] and a reduction in the time it takes to reset passwords. Our end-users are now self-enabled.” she says.
The NHS Leadership Academy has also taken advantage of several advanced features within Auth0. It added self-service mechanisms that allow users to manage their accounts without contacting IT support. The team also added security features, including breached password detection feature, which alerts when a user’s password appears in an online data leak.
In the years to come, the NHS Leadership Academy team hopes to introduce passwordless authentication, although they admit this is a long-term aspiration.
“We’re looking at cultural change considerations to help people find new ways of working. It may be slow at first, but we’ll surely make steady progress.” Vardhan says.


