Software as a service (SaaS) companies typically start with a stream of fairly small accounts that call for low-friction sign-on capabilities, but as they grow, they tend to feel stuck when their existing identity management solution no longer meets their needs, according to Tyler Warnock, CEO of Userfront, an authentication and identity management startup.
Userfront offers a single platform that can grow from individual or freemium accounts to customized enterprise levels, helping organizations capture potentially missed opportunities to build revenue.
“We’ve talked a lot about transition points internally, where, because we’re dealing with SaaS businesses, they often go through patterns within their company,” Warnock said. “They’ll hit a roadblock a couple of years in … because they chose a basic login that’s not scaling to meet what they need. And so when they do that, they basically have two bad options: They can either try to extend what they have, which wasn’t made to do what they’re trying to do, or they could try to migrate. And the migration process in particular is fraught with lots of uncertainty. People don’t really know how to go about it; it can take nine months to a year.”
The San Jose, California-based company is specifically focused on helping SasS companies win customers and thus increase revenue through improved identity management. It offers a pathway for clients to incrementally add new features, upgrade customers to higher account tiers and eliminate churn among larger companies that require higher-level security and compliance capabilities.
Eliminating Complexity
At TNS, Mary Branscombe has explained the difference between authentication, verifying a user is who they say they are, and authorization, which determines what that person is allowed to do once inside the system. The two principles are foundational to zero trust security.
While solutions like Auth0, OpenID Connect and various open source projects have been working to make identity management easier for developers, startups like Oso and Stytch are on the case as well.
Userfront grew out of StartX, a startup accelerator associated with Stanford University. Its team in 2020 spent three months talking to 150 developers about what they did and didn’t like about identity management. Basically what they found developers didn’t like: complexity.
So Userfront was built on three core principles:
- It should have all the major features
- It should be secure by default
- It should be easy to use without deep domain knowledge
“Most of what’s out there is really about a new kind of widget. We wanted to take it more as like, ‘OK, the widgets are like table stakes. How do you actually turn that into something useful?’” Warnock said. “We framed it specifically for customer-facing software. Because scaling SaaS and hitting growth metrics, it’s really hard, right? It’s probably the most competitive it’s ever been. And you have to really nail what your customers care about. So Userfront is founded to give software companies a leg up on serving their customers better.
“In addition to all the basics— passwords, passwordless, sign-on with Google, you know, MFA (multifactor authentication), full feature authentication, role-based access control, multitenancy …once you have that base, which we do, there’s kind of two extremes that you care about,” he said. One is getting started quickly while the other is making migration simpler.
“Historically you’ve had two choices here,” explained Joseph Ruscio, general partner at Heavybit, “either building an internal solution for each type of customer or alternatively purchase and manage identity split across multiple products. Userfront sets itself apart from the field by not only embracing modern frontend frameworks, but also by recognizing that modern B2B software product have different classes of end users and enabling you to meet all of your customers where they are in one product. You select the services that are appropriate for your end customers with a suite of capabilities built for enterprises that can be streamlined for SMBs.”
Heavybit led Userfront’s recent $5.3 million seed funding round.
He added that Userfront was built for a component-based world: “The first generation of cloud native IAM products was built and designed for the world of server-side, full-stack web frameworks that dominated application development 15 years ago where identity management primarily happened on the backend via APIs. As application development has shifted toward sophisticated frontend frameworks, so has identity logic, and trying to stitch together all these workflows in a frontend app using coarse-grained APIs has become increasingly painful.”
Starting With a Single Line of Code
Warnock explained that the system was built on three layers and that getting started can be just a single line of JavaScript.
First, there’s the API layer that provides access via Jason Web Tokens (JWTs). It meets security and compliance requirements including SOC 2, GDPR and data residency Then there’s the SDK layer. Its JavaScript SDK is native code that you can add into your application that calls the Userfront API. On top of that is what the company calls the toolkit layer, which are things like signup, login and password reset forms —user interface components that use the SDK to call the API.
“We can give you, for example, a one-liner, that automatically expands out into a fully featured login flow,” Warnock said. “So you could add that to your site, one line of code brings with it the styling that you want. And with that, whatever you’ve configured to do, it will automatically work. So if you said, ‘I want to have Google SSO login with email via a link option. And then I want to have a second factor of SMS verification code,’ they’ll already be wired up to do all those things. You just need to put the one-liner there.”
It also offers Sidecar, a tool to make user-account migration transparent and secure without requiring password resets. Sidecar is a TypeScript abstraction layer for backends that mimics other authentication systems to make migration easy with minimal code changes and no impact on end users.
You can read the migration story of pay.com.au by Roi Avidan, head of technology. He explains that its existing solution, AWS Cognito, didn’t offer the features the company needed and why he passed on competitors Auth0 and Okta.
TRENDING STORIES
YOUTUBE.COM/THENEWSTACK
Tech moves fast, don't miss an episode. Subscribe to our YouTubechannel to stream all our podcasts, interviews, demos, and more.
