How Zinnia Built a Scalable, AI-Ready Identity Layer with Okta

Industry: Insurance
Region: AMER
About: Zinnia is the modern infrastructure of the life and annuity economy. Their platform streamlines the process of building, selling, and servicing products. Behind every policy and annuity is a promise: protection for families, stability through retirement, and peace of mind for decades to come. Zinnia ensures those promises are easier to deliver, easier to access, and built for the long term.
25 IDP integrations enabled via Enterprise Connections
1-2 sprints for new client integration instead of months
10,000+ users per enterprise customer managed with Auth0
1 unified authorization model for human and non-human identities
"We are leveraging FGA to secure agentic AI workflows. The fine-grained authorization truly allows us to audit and cater to what an agent can and cannot do to ensure the agent is as productive and safe as possible."
Ali Khatami, Vice President of Engineering and Chief Technology Officer of Insurance Platforms
The insurance lifecycle is built on the promise of reliability and trust during life’s major transitions. For Zinnia, fulfilling that promise means empowering its life insurance & annuity customers with a cloud-native platform that simplifies everything from automated policy issuance to benefit distribution.
Driven by their commitment to meet their customers exactly where they are, Zinnia recognized that — in a digital-first insurance landscape — identity is the foundational layer that determines how every policyholder, agent, and system interacts with sensitive data. With a scalable identity security fabric, Zinnia empowers its customers to securely bridge disparate systems and apply their own security policies, while enabling it to continue investing in its offerings and delivering a consistent customer experience.
To realize this modern vision, Zinnia chose to evolve their platform by finding a strategic partner to handle the complexities of identity and access management (IAM). "Our objective is to be as predictable, repeatable, and scalable as possible," says Ali Khatami, vice president of engineering and chief technology officer of insurance platforms. "We looked for an identity partner to standardize our client integration and eliminate technical friction, allowing us to focus on our own innovation."
Prioritizing trust and partnership over point solutions
While Zinnia evaluated several identity providers, the company’s primary objective was to find a long-term collaborator. "We had a lot of requirements," explains Khatami. "But at the end of the day, what we were looking for was a true partner."
Okta stood out for its collaborative approach, proven by Zinnia’s early involvement in beta programs for capabilities like Fine-Grained Authorization (FGA). This allowed them to build the product together as partners — showing Zinnia that Okta was committed to their success.
This partnership turned identity from a technical necessity into a strategic advantage. With the agility and stability of the Auth0 Platform, Zinnia can dedicate more resources to focus on their core insurance products, backed by a secure and scalable foundation required to meet customers where they are.
Fine-grained authorization at scale: Governing human and non-human identity
In insurance, identity is more than just a username and password. “Identity is also your relationship to a specific piece of data, whether that is a policy, an annuity contract, or a claim," Khatami explains. Previously, Zinnia’s developers worked within a role-based model, writing custom code for each client—a manual process that added weeks to each integration.
To address this, Zinnia implemented FGA and shifted to a Relationship-Based Access Control (ReBAC) model. This replaced hard-coded logic with a granular map of permissions, decoupling authorization from the core codebase. By centralizing access control management, Zinnia can now standardize the permissions for every integration via Auth0’s Terraform provider.
"The maturity of Auth0’s Terraform provider was a key factor for us," highlights Rizwan Noorani, senior director of engineering. "It allowed our teams to manage the entire identity stack as code, helping us ensure every client environment is standardized and free from manual configuration errors." This infrastructure-as-code approach allows Zinnia to meet unique client demands out-of-the-box, reducing a month-long technical integration to just a couple of weeks.
Beyond accelerating integration, FGA’s granularity enables Zinnia to apply consistent permissions and policies to both human users and agentic AI. By grounding every identity in the same ReBAC model, FGA maintains oversight through a unified authorization layer while providing an audit trail that allows Zinnia to trace every action back to a specific authorization. "FGA truly allows us to audit and cater what a user — human or AI — can and cannot do to ensure they are as productive and safe as possible," says Khatami.
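As an added illustration (not Zinnia's, Okta's or Auth0's code, and not the FGA API), the sketch below shows how a single relationship-based model can answer checks for a human user, a member of a client organization, and an AI agent, and record which relationship tuple justified each decision. The tuples, relation names, permission names and identifiers are all constructed for this example.

```python
"""Minimal ReBAC check with an audit trail (added illustration, constructed data)."""

# Constructed relationship tuples: (subject, relation, object).
# A subject is a user, an AI agent, or a userset such as "carrier:acme#member".
TUPLES = [
    ("user:alice", "owner", "policy:P-100"),
    ("user:bob", "member", "carrier:acme"),
    ("carrier:acme#member", "servicer", "policy:P-100"),
    ("agent:claims-bot", "assistant", "policy:P-100"),
]

# Hypothetical model: which relations grant which permission on a policy.
PERMISSIONS = {
    "view": {"owner", "servicer", "assistant"},
    "update_beneficiary": {"owner", "servicer"},
    "surrender": {"owner"},
}

AUDIT_LOG = []  # one record per decision, naming the tuples that granted it


def has_relation(subject, relation, obj, depth=0):
    """Return the chain of tuples proving subject has relation on obj, else None."""
    if depth > 5:  # guard against cyclic userset definitions
        return None
    for s, r, o in TUPLES:
        if r != relation or o != obj:
            continue
        if s == subject:
            return [(s, r, o)]
        if "#" in s:  # userset: expand "carrier:acme#member"
            group, group_rel = s.split("#", 1)
            chain = has_relation(subject, group_rel, group, depth + 1)
            if chain:
                return chain + [(s, r, o)]
    return None


def check(subject, permission, obj):
    """Decide a request (default deny) and append the evidence to AUDIT_LOG."""
    for relation in sorted(PERMISSIONS.get(permission, ())):
        chain = has_relation(subject, relation, obj)
        if chain:
            AUDIT_LOG.append({"subject": subject, "permission": permission,
                              "object": obj, "allowed": True, "via": chain})
            return True
    AUDIT_LOG.append({"subject": subject, "permission": permission,
                      "object": obj, "allowed": False, "via": []})
    return False
```

Because the agent is just another subject in the tuple set, narrowing what it may do means removing or changing one tuple, and every denied or allowed request leaves a record that can be reviewed later.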
Creating a seamless, scalable partner experience
To meet and exceed customer requirements, Zinnia designed a flexible, vendor-agnostic onboarding experience. The foundation of this "bring-your-own-IdP" model is Auth0’s Enterprise Connections. This approach has replaced months of manual work with a one- to two-sprint integration cycle, allowing clients to integrate directories into the Zinnia platform. "Enterprise Connections gives our client partners the autonomy to manage their identity principles and policies, while ensuring a seamless and secure integration with our digital experiences," says Khatami.
Additionally, Auth0 gives Zinnia the flexibility to tailor login experiences by use case. For carriers, Zinnia utilizes Auth0 SDKs and custom code to embed authentication directly into a carrier’s website — ensuring the experience feels like an extension of the brand from day one. At the same time, Zinnia leverages Universal Login for consistent branding across their own corporate authentication flows. With Auth0, Zinnia has total control over the login journey while being well positioned to leverage new Universal Login capabilities as the platform evolves.
Behind the scenes, the team leverages Actions as the critical link between authentication and authorization. As Noorani explains, 'The extensibility of Actions allows us to inject custom claims like our Universal Party ID on the fly, acting as the glue that enables our API layer to authorize users via FGA.' By performing this pre-authentication work, the team ensures that every access request is secure and context-aware. The result is a unified, actionable identity that facilitates seamless management for enterprise partners.
The flexibility of the Auth0 platform has enabled Zinnia to successfully integrate 25 clients, supporting a predictable onboarding process with a diverse range of branded experiences. Together, Okta and Zinnia have built a seamless, scalable partner experience that ensures a consistent journey for every user.
Advancing security while elevating the customer experience
For Zinnia, security has always been a non-negotiable priority. As the platform evolves to handle increasingly sensitive and complex transactions, the stakes have never been higher. Meeting this challenge requires a modern, layered approach: defending the entire platform from broad automated attacks while safeguarding individual user journeys from targeted risks — all without adding friction.
For individual users, Zinnia utilizes Adaptive Multi-factor Authentication (MFA) to provide the financial-grade, strong authentication required for high-stakes transactions. “Adaptive MFA fulfills both our security and user experience requirements,” says Khatami. “It has the auditability to take data, perform an analysis, and share those insights directly with our security team, ensuring our security posture is sound.” At the same time, Adaptive MFA allows Zinnia to offer a diverse menu of frictionless factors to customers — including email, SMS, and voice with the option to adopt biometric solutions as needed. This flexibility is bolstered by intelligent security scores that evaluate risk in real-time, which triggers step-up authentication only when necessary, keeping the user journey seamless.
A predictable foundation for the future of insurance
With Okta’s partnership, Zinnia has evolved identity into a predictable, repeatable, and scalable component of their infrastructure. This identity security fabric has established the architectural stability necessary for Zinnia to move fast without compromising security, especially as they continue to integrate AI into automated insurance workflows.
Moving forward, the Auth0 platform's flexibility ensures Zinnia can continue to innovate and meet customers where they are. This agility is built on the platform's robust feature set, which has transformed client integration into a simple and predictable process.
For Noorani, the key to this agility is the ability to use powerful features as simple, modular components. "Enterprise Connections, MFA, and Universal Login are features we can simply plug and play for our client partners," he explains. "It removes the friction of back-and-forth development cycles, allowing for a much smoother, more efficient integration process."
This has made the entire workflow, as Noorani puts it, “‘boring’ in the best way possible: it’s repeatable, scalable, and something we can rely on. Auth0 has become a seamless component of our infrastructure."