Plenty of SaaS companies talk about how security is built into their platforms, but they still suffer from vulnerable code. Snyk is dedicated to changing that, one user at a time. The company’s platform helps developers build software securely across the cloud native application stack, reducing vulnerabilities and license compliance issues in their code. In just four years of existence, Snyk has acquired more than 400,000 developers as users, earned a valuation of over $2 billion, and won high-profile enterprise customers such as Google, Salesforce, and Auth0.

When Snyk decided to outsource their identity needs, they needed a partner that shared their developer-first mindset and could help the company scale rapidly. They turned to Auth0.

Snyk Needed Security That Wouldn’t Slow Them Down

“Security and identity go hand in hand,” says Tzahi Furmanski, an engineering team leader on Snyk’s enterprise scale team. “And as a security product, this is one of the things we have to be really on top of.” Snyk started out using a custom-built identity and access management (IAM) solution. But as their product evolved to provide a richer web experience, it was clear their IAM solution needed to change, too.

“We implemented our own auth solutions in the past but found out very quickly that those can be very time-consuming,” according to Snyk senior software engineer Artur Kotliar. “Doing things like the security review for the process of recovering a forgotten password is something we don’t really want to manage on our own if we have an authentication provider we can rely on. And so we decided to use Auth0 instead of building it on our own.”

Snyk estimates that they save one to two engineers’ worth of time by using Auth0. And that’s not to mention saving on the legal consultants they’d need to ensure compliance with data privacy laws. “Snyk needs to comply with regulations like GDPR and CCPA,” Furmanski says. “And it’s really important for us that where we keep our users’ data is also complying with those regulations. So having Auth0 [as a compliant identity provider (IdP)] is definitely a big help.”

Personalized Onboarding in Seconds

Snyk uses Auth0 for two primary use cases: the individual developers who are the end users and the enterprise connections with large customers. Each group has different identity requirements, but Auth0’s platform has no problem accommodating this diverse set of needs. “It’s really easy for us now to manage the identities of users coming in through different logins because of Auth0’s solution,” says Kotliar.

Enterprise B2B connections typically employ Single Sign On (SSO) or Azure AD. “Big enterprises have their own IdPs, and they want to have their own role-based permissions in their organization, and they want to decide for all their users what they should consume on different apps like Snyk,” Kotliar says.

B2C users, on the other hand, use social logins such as GitHub, Bitbucket, and Google. The advantage of this type of login is that it removes all barriers to conversion, as Snyk’s team can attest. “The first time I logged into Snyk, without any prior knowledge, it was super easy,” Furmanski says. “Just going on the website, choosing what social provider to log in through, and then being launched into the platform.” Kotliar agrees: “The whole process of onboarding users at Snyk takes just seconds. It’s really fast and really easy.”

This ease of use has given Snyk’s platform a conversion rate of nearly 100% for new sign-ups. Furthermore, the team is confident that if they need to add new login options to meet customer needs, it won’t present a problem.

Building a More Secure Future for Everyone

The ethos of open-source software is built around developers helping each other by sharing knowledge. Snyk is dedicated to continually improving that ecosystem by making sure that this information is properly vetted. Now, they spend less time on identity and are focused on improving their product to be even more helpful.

Furmanski mentions a new integration that “alerts the developer as he writes the code, before it’s even merged, that ‘Look, you're using here something that has known issues and known vulnerabilities.'” He adds, “We're expanding our reach and strengthening our service to provide easier maintenance, easier prioritization, to help big customers navigate the trenches of vulnerabilities better.”

Snyk’s partnership with Auth0 allows them to innovate without being sidetracked by authentication issues. “By using Auth0 to handle our authentication needs, we’re able to focus on what we do best: providing our customers with the best solution for integrating security in their development lifecycle,” says Furmanski.