Auth situation report
This article does a good job of breaking down a lot of the concepts of authentication, authorization and access management. Note that this is from a vendor; you’ll be unsurprised to see the vendor’s name in most of the categories as a leader.
But it still has some great tidbits. One example:
When picking a solution [for authentication], make sure that all the login options your users will care about are supported; that may include things like passkey, WebAuthn, or passwordless login, on top of the most common social logins. Also check if there’s an enterprise tax and whether you have to pay extra for SSO integration. Some providers charge for the number of users and also for the number of customers and each extra SSO integration you add.
There are a few potential gotchas here. Sometimes an aggregator promises support of all the different login providers but when you go ahead and try to integrate, you end up having to do all the hard work yourself. That’s something you can only evaluate through a proof of concept. Most of the open source frameworks fall into this category. There are usually multiple extra packages, and whole sets of additional configuration to set up.
Another thing to look for is reliability - you need an SLA that’s at least as good as the one you plan on offering yourself. If login is down, your software is down.
That last point resonates. If your login system is down, your software is inaccessible to your users. Consider this carefully when choosing a provider.
Dan