Share your experience using NEVIS nevisIDM

Examples of the 84,000+ reviews on PeerSpot:

System Architect at Skai
Real User
Very easy to set up new SAML and SSO integrations with support for all IDPs including Okta and Azure
Pros and Cons
  • "It's a very powerful platform. It has the ability to do the usual stuff, according to modern protocols, like OIDC and OAuth 2. But the real benefit of using the platform comes from its flexibility to enhance it with rules and, now, with what they call authentication pipelines. That is the most significant feature, as it allows you to customize everything regarding the authentication and authorization process."
  • "When they introduced the Organizations feature they did support different login screens per organization. However, they introduced a dependency between this feature and another called the New Universal Login Experience. The New Experience is a more lightweight login screen, but it is much less customizable. For example, today, we are able to fully customize our login screen and even control the background image according to the time of day. We have code to do that. But we are not able to write code anymore in the New Experience."

What is our primary use case?

We use it as an authentication platform for our customers.

How has it helped my organization?

With Auth0, you can stop the effort of having to keep up with the progress being made in the security and authentication world, like better protocols, better encryption, and better ways to connect with other systems. It's all managed in Auth0. At the organizational level, you stop worrying about how to connect Facebook users to your application, or how to connect with a customer's internal authentication system to log in to your systems. These were questions that, three years ago, we decided to develop answers for ourselves, but with Auth0, each integration now comes out-of-the-box, and it's only a matter of configuration.

What is most valuable?

It's a very powerful platform. It has the ability to do the usual stuff, according to modern protocols, like OIDC and OAuth 2. But the real benefit of using the platform comes from its flexibility to enhance it with rules and, now, with what they call authentication pipelines. That is the most significant feature, as it allows you to customize everything regarding the authentication and authorization process. I would rate its flexibility between a nine and 10, out of 10.

For example, one way to authenticate into our system is to log in with Google. Our service is not one that you can simply sign up for through the internet and then start using. You need to talk with one of our technical account managers, sign a contract, and then we start everything for you. So when a user logs in with Google, it means that every user on the internet can log in to the system. We needed to find a way to know if a user was already defined in our systems, and otherwise, to reject him. We wrote a simple Auth0 Rule to get the user's email from Auth0 after he authenticated, and we then use an API in our backend system to check if the user is legitimate. In this way, we filter out all those who are not our paying customers.

In addition, we like the integrations that are built into Auth0. For example, it has a built-in integration with Zendesk. It's very easy to set up new SAML and SSO integrations with our customers, as it supports all IDPs out there, like Okta and Azure, among others. 

Auth0 also has a very rich selection of social connectors that allow users to connect with their social accounts. We mostly use Google, but they support many others. In addition, their user interface is very intuitive.

Lately, it looks like they have been very responsive to customer needs since they brought out the Organizations feature in the last year, which is a very nice feature that helps customers like us to manage our customers. It's targeted at enterprise-scale solutions, allowing us to manage multiple organizations within the same tenant. We are seriously considering migrating to this feature. It's a process, but we feel that it will better support the customer model that we have in Kenshoo. We also need to be able to support customized login screens with different company logos. All of that is supported by Auth0, so this probably would be a much more important feature for us than the rules themselves.

What needs improvement?

When they introduced the Organizations feature they did support different login screens per organization. However, they introduced a dependency between this feature and another called the New Universal Login Experience. The New Experience is a more lightweight login screen, but it is much less customizable. For example, today, we are able to fully customize our login screen and even control the background image according to the time of day. We have code to do that. But we are not able to write code anymore in the New Experience.

We really want to take the Organizations feature, but on the other hand, it is coupled with the limitations of the New Experience. That is why we have put the Organizations feature on hold. It is lacking some customization abilities.

For how long have I used the solution?

I've been using Auth0 for approximately three years.

What do I think about the stability of the solution?

An important feature is the very good availability, the high availability. In the last three years, we have only faced one major outage in production.

What do I think about the scalability of the solution?

For us, scalability is less relevant. Our service is not characterized by millions of users. It's not like Snapchat or Instagram where you need to deal with a massive number of users. In our case, there are a couple of dozen users per customer. We have about 2,000 active users per month, meaning that a huge user base is not the nature of our business. As a result, I can't really say anything about Auth0's scalability.

I do believe that they are prepared for a much larger scale than ours. That's the feeling I get from my experience with the platform.

How are customer service and support?

When we faced problems with Cognito, we opened a ticket with Amazon and the response was horrible. Interacting with Amazon is really bad, especially if you have a problem and you need a fast response. And after a couple of tries, we moved to Auth0. 

With Auth0 you pay more than you do for Cognito, but you also get premium support. That means that you get a reply according to the severity of the ticket that you open, and that reply comes very quickly. Even for normal severity tickets that I have opened, I have always received a response on the same day. And generally, they have been very satisfactory responses. 

The only exception is when it comes to the features that we lack, but that is not something that support can help you with. That is more the type of topic you take to the product management team, and I respect that. I don't expect support to give me an answer or a solution for everything.

We also have a quarterly talk with them where we can raise any issues or feature requests we have. The support we get from Auth0 is one of the reasons we went with them and one of the reasons that we stay with them.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had developed something like this in-house some six years ago. Over time, we identified that it was a problem for us to chase the requirements and the changes needed to support more modern authentications, like SAML integrations, multifactor authentications, and other advanced security protocols. So we decided to try to find a vendor that would provide this for us.

How was the initial setup?

The initial setup and deployment of Auth0 was pretty straightforward. But to be honest, we are only using 40 to 50 percent of the features they provide. And when we started, we were only using about 20 percent of the features, only the authentication part of it. Our use of it was fairly simple. 

We initially started down this path with Cognito from Amazon. We wrote the whole integration with Cognito and, about two months into that integration, we found a critical issue that we couldn't live with. We didn't get a decent answer from Amazon about it, so we decided to move on to another vendor.

Auth0, obviously, didn't have that issue. The bottom line is that it took us something like two or three weeks to migrate the whole thing from Cognito to Auth0. So in terms of the setup, that was pretty fast. Even migrating from an existing, competitive service, another IDP, was not that complicated. Again, it depends on how many of the features you are going to use. We decided not to go with features that couple us to the vendor so that we would not be locked in. That is what allowed us to migrate to Auth0 in two weeks.

What was our ROI?

We haven't calculated how much development we have saved by going with Auth0 and whether that justifies the cost of our three-year contract with them. My gut feeling is that it has been worth it, but it's on the edge. I would expect some more flexibility on the licensing, but all in all, I think it was worth it, not having to develop this in-house.

We haven't measured whether we have seen a decrease in customer support tickets due to fewer password issues, but my sense is that maybe there has been a small decrease because the flow is standardized. In addition, we are no longer responsible for sending emails when issues arise or for making sure the email server is up and running, et cetera.

What's my experience with pricing, setup cost, and licensing?

Pricing of Auth0 is a pain point. Their pricing model is very confusing, at least for an enterprise. I don't like their pricing model. I think it's too aggressive. It's not very cheap for a service that only does authentication. There are some cheaper services, and we find the negotiations with them to be pretty tough.

One of the benefits of Auth0 is the SAML integration with SSO and other IDPs but it is priced very high. I would expect this ability to be included, because we pay them good money, and not priced the way it is priced today. This is one of the areas where we are not happy with Auth0.

Which other solutions did I evaluate?

We chose Auth0 after we did some research into other candidates. We looked into Cognito by Amazon because it was the cheapest.

We also looked at Okta, and although this might have changed in the last three years, at that time Okta didn't have a clear strategy to support a large volume of customers. It looked like they were more focused on enterprises and their pricing model did not work with the needs of a customer-facing authentication system. Today they have an offering for that, but three years ago it wasn't like that. 

We also looked at some on-premises solutions, like Shibboleth, but we didn't seriously consider them.

What other advice do I have?

We could manage without Auth0 Rules. We built an architecture in which all the communication to and from Auth0 is centralized in a single service, within our company. We could add this business logic to our service and have the same functionality. But the fact that it's available for us in Auth0 means we don't need to change our code or our service to support it, and that makes things a little bit more convenient. On a scale of one to 10, the importance of Auth0 Rules for us would be a seven.

The biggest lesson I have learned from using Auth0 is that when a company does something very well, you are probably better off using their service instead of trying to do it yourself. Doing it on your own requires investing in the development and the maintenance of it. Also, things change over time and you have to keep up. The policy in our company is that whenever a company does something very well, and it is not our core business, and the price is reasonable, we might want to pay them to externalize that product or service.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

Solution Manager at AB Group
Real User
Provides a clear roadmap, offers a significant advantage over other solutions, and is stable
Pros and Cons
  • "The key benefit of Omada Identity is maintaining complete control."
  • "The current reporting tools in Omada are limited, but we expect significant improvements in the new version."

What is our primary use case?

We use Omada Identity to manage all our users across our various platforms. We estimate there are three or four in total. This includes managing target systems, administrative users, and groups.

How has it helped my organization?

Omada offers a clear roadmap for deploying additional features. This transparency allows us to stay in close contact with them and discuss desired improvements. We can leverage user groups as a forum to collaborate with Omada. By bringing together all application users, we can effectively identify areas for improvement and work with Omada to implement them.

In addition to my role managing user and group permissions, our system allows users to directly request access to resources. While anyone can request access to anything, it still requires approval. Resource owners have a clear overview of what they control and who has access, ensuring both users and owners are aware of access permissions. This transparency, previously unavailable in our old environment, is a major benefit of Omada Identity. It creates a more user-friendly experience compared to systems where we solely manage access and users have no way to request it.

Omada's focus on fundamentals and best practices streamlines our IGA deployment, achieving it within a 12-week timeframe. Their dedicated team, including our designated groups and partners, consistently provides prompt and helpful responses to our inquiries. This experience reinforces my confidence in the successful implementation of Omada Identity.

Omada Identity offers a significant advantage over our previous system. With Omada, we gain a much clearer overview of user access across all our target systems. This eliminates the need for direct administration within each system, which is especially beneficial when managing more than three or four. In essence, Omada provides a centralized view of which applications each user can access within our entire system landscape. This consolidated view is, in my opinion, the most valuable benefit of using Omada Identity.

Omada's Identity Analytics is a valuable tool because it empowers us to make informed decisions quickly. Traditionally, this would require sifting through numerous pre-built reports or even creating custom reports from scratch. Thankfully, Omada streamlines this process. The system allows us to easily export data into a format like Excel, providing the flexibility to analyze information in whichever way best suits our needs. This makes it a powerful feature for not only understanding the data within Omada but also for presenting it to others in a familiar and accessible format like Excel spreadsheets.

Omada's Identity Analytics has helped reduce the manual overhead involved in our identity management process because it is user-friendly.

Omada's Identity Analytics has helped reduce the cost of the identity governance administration program by 50 percent. It is easier to do reviews now with Omada.

Omada Identity is configured to automatically disable access for employees who have left the organization. This means that when an employee departs, their access to company systems and data is immediately revoked without requiring manual intervention. This automated process helps to improve security by ensuring that former employees no longer have access to sensitive information.

From a management standpoint, Omada Identity gives us confidence that we have a secure environment. It prevents users from accessing unauthorized certifications, which is a significant improvement over our previous system. Management strongly supports our use of Omada Identity. Ideally, they would like all applications to be integrated with Omada. This would allow Omada to handle the governance of all user access, ensuring continued security and compliance.

We regularly conduct surveys for managers and resource owners to ensure that no one with access to the application has left the organization and could potentially cause a data breach. I believe this certification survey feature offered by Omada is a valuable tool.

Omada's role certification surveys streamline the onboarding process for new employees. By pre-defining access permissions based on roles, new users can begin exercising the permissions they need to perform their jobs from day one. This role-based management approach simplifies onboarding and ensures new hires have the resources required to be productive quickly.

Our role certification surveys have been instrumental in maintaining compliance and security standards. While the completion rate isn't perfect, it's steadily improving. It's important to note that achieving a high completion rate takes time. We need to follow up with all role owners and relevant individuals to ensure they complete the surveys. This can be challenging as it requires managers and resource elements to dedicate some time to the process. As a result, completing a full survey cycle can take some time.

Implementing role-based access control has positively impacted our organization's security posture. Managers no longer need to submit additional access requests for their team members. This simplifies the approval process, as they can simply assign pre-defined roles that grant the necessary permissions for each job function. This approach strengthens security by ensuring users only have access to what they need, adhering to the principle of least privilege. The onboarding process is also streamlined, as new hires automatically receive the appropriate permissions based on their assigned role. Additionally, access is automatically removed upon departure, eliminating the risk of lingering privileges. Overall, role-based access control has significantly improved the efficiency and security of access management for managers across all departments.

Omada Identity significantly reduces the time it takes to provision access for new users. In an ideal scenario, the entire process is automated, eliminating manual intervention. This means new employees receive the necessary access to begin working immediately on their first day. Overall, Omada Identity represents a major improvement in streamlining user onboarding.

Omada Identity streamlines access management by consolidating disparate systems into a single platform. This means no matter our location, device, or required applications, as long as they're integrated with Omada, we'll have the access we need to be productive. In short, Omada offers a flexible solution for managing all our access needs in one place.

We streamline access requests by incorporating them into existing roles whenever possible. If a department frequently requests access to specific systems, we recommend adding that access to their current role. In cases where no suitable role exists, we'll create a new one to accommodate their needs. This approach ensures new department members don't have to resubmit access requests, saving everyone time and effort.

The need for new user calls is low because users typically get the access they need right away. The most common questions they have are simple things like password resets. Of course, the service desk or help desk is always available to assist, but their workload for access requests is minimal since most users have the necessary permissions from the beginning. This streamlined process reduces the overall need for new user support.

What is most valuable?

The key benefit of Omada Identity is maintaining complete control. We have full visibility into user access privileges. Additionally, Omada Identity provides a rich set of tools for conducting surveys and reviews. This is particularly beneficial for audits, as it simplifies demonstrating access details to auditors. We can easily show them who has access, who granted it, and the approval process – all within Omada Identity.

What needs improvement?

The current reporting tools in Omada are limited, but we expect significant improvements in the new version. While our current version is outdated, attending user meetings with Omada might be beneficial to voice our needs and influence future updates. However, upgrading our current version isn't an option right now. Instead, we'll migrate our applications to the new Omada version to gain access to its improved reporting functionalities. This is due to our recent merger; the company I previously worked for used the older Omada version, while the new company utilizes the latest one. By migrating applications, we'll benefit from the new features, especially the enhanced auditing tools. These improved tools will allow auditors to generate reports themselves, saving us valuable time. It's great to know that Omada is already working on this functionality, making it a valuable addition for the future. While there's no immediate solution for our current version, the new Omada promises significant improvements.

For how long have I used the solution?

I would rate Omada Identity for 5 years.

What do I think about the stability of the solution?

Omada is stable.

What do I think about the scalability of the solution?

The new version of Omada is scalable.

How are customer service and support?

We currently utilize two partnered consultants for support. These consultants assist us with any difficulties we encounter within our environment or the solution itself. Additionally, we have access to Omada support. However, it's important to note that Omada's typical response is to recommend an upgrade. We're aware of this approach.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment of Omada was a bit complex, but Omada itself is not to blame. The complexity stemmed from our application. Omada required some customization to work effectively with our application. This customization is also the reason we are hesitant to upgrade Omada. Upgrading would be very time-consuming because of all the functional changes we have made to our application.

The full deployment of the application took a year and a half to complete. The deployment team comprised ten people in total, including the project manager, coders, and myself as a tester.

What about the implementation team?

Omada was helping us with the implementation from the start along with one of their partners. The partner was ICY but they no longer exist. They are now part of Columbus.

Which other solutions did I evaluate?

We also evaluated SailPoint but selected Omada for its view, functionality, and price.

What other advice do I have?

I would rate Omada Identity 9 out of 10.

Our Omada deployment spans multiple departments and roles. It manages 40,000 resources across four applications in three countries.

While we're hesitant to upgrade due to the complexity of maintaining our current on-premise version of Omada Identity, I understand the newer version is an improvement. While it likely won't be a completely effortless process, it should be significantly easier to manage than our current system. Currently, the maintenance burden falls solely on one person.

Omada is a stable solution that works well.

Which deployment model are you using for this solution?

On-premises

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.