Product/Service: Identity as a Service (IDaaS)
Create an offering for security-conscious customers that want control of their data.
Find a single solution that would work for both their multi-tenant and single-tenant customers.
Enable their customers to achieve PCI and security compliance requirements.
Auth0 was founded in 2015 with a mission to make the internet safer. Today, Auth0 is about 500 employees strong and manages over 2.5 billion logins per month. The company’s universal authentication and authorization platform makes it easy for their customers to add authentication and authorization services for web, mobile, and legacy applications.
The company offers both public and private hosted editions of its flagship product. Auth0 was built around developers and makes it dead simple to add authentication with just a couple of lines of code. In the multi-tenant service, data is isolated and encrypted, but nonetheless, many customers opt to use the private cloud instance on dedicated environments, typically for compliance reasons.
Auth0 selected Teleport to provide secure access to all their customers’ infrastructure, whether it’s hosted in a public or private environment.
Because many of their customers had to meet PCI compliance, Auth0 needed a solution that would provide their customers with the peace of mind that their environments were completely isolated.
The company initially came across the Teleport open source community edition. Because it is open source and supports OIDC, one of the first things they did was add support for Auth0 directly into Teleport; in other words, they authenticate into Teleport using Auth0.
Teleport is a secure SSH gateway that gives users the ability to grant temporary access to infrastructure. Teleport has built-in role-based access control (RBAC) and automatically terminates sessions after a pre-defined period of time determined by the customer. For Auth0, Teleport is used for customer support both in hosted and private environments.
Auth0 uses RBAC (supported in Teleport) to ensure only the right support staff from the right teams are accessing the right customer infrastructure as needed. Just as importantly, the only connection to the outside for customer infrastructure is provided by Teleport. It ensures that Auth0’s support teams can provide troubleshooting when needed without having to manage any SSH keys.
Teleport not only stores logs of every session, but records sessions for playback so users can see exactly what was done in each session. Auth0 and their customers appreciated the recordings; they were able to see why something wasn’t in the state it was supposed to be.
In addition to the multi-tenant edition of Auth0, the team currently manages nearly 70 private instances for customers, each with at least 3 environments and up to 12 servers, and each node is accessed through Teleport. As for working with Teleport, it’s been good so far.
“Teleport provided a secure, transparent and easy way for Auth0 to access our customer environments and achieve SSH Requirements and PCI Compliance. It helped our Managed Services Engineering Team to provide support 24x7 to our customers worldwide. We went from about 20 environments to over 120 in less than a year.” Pablo Terradillos, Engineering Manager, Auth0