How Nutmeg Tightened Security and Time to Market With Auth0
The British wealth management company needed authentication that would evolve with them
Nutmeg is changing the way people manage their money. Combining an investment team with over 75 years’ expertise with intuitive technology, we offer all UK investors high-quality wealth management and personalised financial advice services with totally transparent charging.
London-based digital investment company Nutmeg is out to democratise wealth management. Since 2012, Nutmeg has put sophisticated investment tools and advice in the hands of over 100,000 customers, many of whom weren’t catered to by other financial institutions.
Nutmeg has leveraged modern technology like AWS since day one, and in the past two years, the company has adopted more technologies that expand its suite of offerings to deliver new services and third-party integrations that give users even more control and insight into their investment options. Nutmeg also wanted to ensure it had a cutting-edge authentication solution that could keep up with evolving technological standards, legal obligations, and cybersecurity threats.
Nutmeg Needed a Secure Solution, Built for Growth
Prior to partnering with Auth0, Nutmeg maintained its own in-house identity and access management (IAM) solution, which provided basic authentication, password resets, and a simple form of multi-factor authentication (MFA). But without in-house authentication expertise, the solution couldn’t be improved with new features. “One could say that it had fallen behind the times,” says Neel Vadgama, Nutmeg’s Director of Engineering.
Nutmeg had three priorities in searching for a new IAM partner. The first, says Vadgama, was “security for our customers, enabling security mechanisms such as MFA.” Nutmeg also wanted to federate identity for Nutmeg employees. The third priority was integrations: enabling secure connectivity between customers and third-party accounts with tools like Starling Bank, Yolt, or Money Dashboard. “A key driver was finding secure authentication to scale our service as the company grew,” Vadgama says.
Three Use Cases, One Authentication Partner
Nutmeg initially partnered with Auth0 to bring secure authentication to its 100,000+ customers on mobile and web applications. To make the transition seamless for users, Nutmeg used the bulk migration approach, moving users to Auth0 immediately. They’ve enabled features such as brute force protection, and Vadgama reports that they’re “looking to expand in the future, offering more mechanisms for MFA using new authentication mechanisms, such as magnetic links, which weren’t available to us using our homebuilt authentication solution.”
For Nutmeg’s B2B use case, they needed to connect their customers’ Nutmeg portfolios with third-party apps, so they have a single view of all their banking and financial information. “Auth0 has enabled us to do that using the OAuth flow,” says Vadgama. “Now, customers in these third-party aggregator apps can see a full view of their short-term and long-term wealth opportunities.”
Finally, Nutmeg used Auth0 to authenticate its own staff and federate identity across its internal applications. “Previously, each of our core back-office applications had its own authentication mechanism,” explains Vadgama. “But now we have Auth0 federating against our Office 365 Active Directory Setup, meaning we can connect our internal applications through to Auth0.” Looking ahead, he says that “Auth0 is going to enable us to have a single source of entry for all our employees.”
Auth0 Frees 2–4 Developers to Focus on Nutmeg’s Core Mission
Nutmeg’s lean engineering team is relentlessly focused on serving customers and expanding the company’s services. They estimate that without Auth0, they’d require a team of two to four engineers to maintain an authentication solution.
But thanks to Auth0, Vadgama says, “our engineers and developers can focus on building out our products, as opposed to worrying about ‘Are we up to date with the latest standards in our authorisation service?’” This has a direct impact on Nutmeg’s ability to establish partnerships. “A partner would ask, ‘Do you support OAuth2 authentication?’ And my engineers would have to go and build that for months on months,” Vadgama says. “Whereas now we can say, ‘Yes, we do. Send us across your configuration,’ and off we go. Auth0 has opened the floodgates to B2B partnerships.”
Not having to worry about IAM has also freed up Nutmeg to focus on launching new products, like the Junior ISA offering they debuted earlier this year. “With Auth0, given that our team didn’t have to focus on managing authentication, they were able to put the majority of their capacity behind launching the Junior ISA,” says Vadgama. “That’s a big achievement for our D2C business. It’s brought a whole new audience of customers to Nutmeg.”
Over the coming year, Nutmeg plans to use Auth0 to continue expanding its integrations and explore more advanced authentication and security features, all in the name of serving their customers. “We’re very proud of the technology we’ve built, and we’re proud to continue evolving that,” says Vadgama. “And we’re always leveraging expert platforms, where we can, to ensure that we’re providing the best service to our customers. That’s where our journey with Auth0 began, and it’s important we continue to think in that way.”
Auth0 provides a platform to authenticate, authorize, and secure access for applications, devices, and users. Security and application teams rely on Auth0's simplicity, extensibility, and expertise to make identity work for everyone. Safeguarding billions of login transactions each month, Auth0 secures identities so innovators can innovate, and empowers global enterprises to deliver trusted, superior digital experiences to their customers around the world. For more information, visit https://auth0.com or follow @auth0 on Twitter.