When most people think of accounting, they think of large datasets, complex transactions, and changing compliance standards. Thanks to Netherlands-based SnelStart, accounting is made easy and affordable for more than 82,000 entrepreneurs and about 3,800 accountancy and administrative offices. The company’s platform can scan receipts, provide online invoicing, and generate VAT returns with the touch of a button.

Since its founding in 1982, SnelStart has become a trusted name among accountants, bookkeepers, and entrepreneurs. However, when the Payment Services Directive 2 (PSD2) regulation went into effect, SnelStart needed to meet several criteria to comply — one of which was increased user security.

The company set out to modernize its identity management in order to provide a better user experience, heightened user security, and ultimately obtain PSD2 certification.

Documentation Makes Implementation Easy

For years, SnelStart used a homebuilt authentication solution with their own database and password hashing algorithm. “We found that our way of authenticating was secure, but not secure enough for the PSD2 certification,” says Daan de Schepper, solutions architect at SnelStart. The solution also demanded the resources of their development team to keep it up-to-date.

After evaluating several providers, SnelStart selected Auth0 for its security features and robust documentation. “The ease of implementation is really helped by the excellent documentation, with all kinds of SDKs for .NET, iOS, Android, and single-page applications like our web product,” says de Schepper.

Transition to Modern Identity Saves Development Capacity

With Auth0 setup, Snelstart added Brute Force Protection, one of its requirements for an authentication provider, to curb credential stuffing attacks. With the feature enabled for their 90,000 monthly active users, SnelStart can block traffic from an IP address if there are an abnormal number of login errors. 

SnelStart then turned its attention to the user experience, setting up Single Sign On (SSO) to connect various products, including their web and mobile applications, so users don’t have to continually provide credentials. And when the company wanted to add SSO to its new UserVoice customer feedback portal, de Schepper recalls “it was less than a day’s work” to set up. “If we had implemented SSO without Auth0, it would have probably taken us months.”

Due to the requirements needed for the PSD2 certification, de Schepper estimates they would have needed a full-time team of at least four developers handling authentication if they had kept their solution. “We have about 20 developers, so it's a significant portion of our development that would go into authentication,” he says.

Less Legacy Code, More Operational Efficiency

Soon, SnelStart will activate Multi-Factor Authentication (MFA) across its web and mobile platforms to offer another layer of security to its users. Like with SSO, de Schepper believes the ease of implementing MFA could save up to six months of development time. And for additional safety, the team is also considering adding Breached Password Detection which can notify or block users from logging in if Auth0 suspects their credentials were part of a security breach. 

While SnelStart’s modern identity approach has improved its user experience and security, it’s also allowing them to focus time on removing legacy code and increasing internal operational efficiency.

“In the coming months, we will be removing huge amounts of legacy code and complexity from our landscape because we can move to the Auth0 best practices for things like changing your password.” says de Schepper. “Auth0 handles that for us, and that gives us back time from an operational perspective.”

With more development and operational capacity, SnelStart is testing new Auth0 use cases, such as authentication for a chatbot that customers can use to communicate with its administration via platforms like WhatsApp. “Our R&D team has used Auth0 very easily to implement that kind of authentication scenario,” says de Schepper. “With Auth0, we do some configuration without having to spend an insane amount of time, and we can be sure that we are safe.”