0:00

You are listening

0:00

to the Platform. A podcast to

0:06

learn about our digital worlds.

0:06

I am Mike Veldhuis, partner at

0:10

Nalta.com.

0:11

Hello, I'm Jas Sagoo.

0:11

And I'm head of solution

0:14

engineering and professional

0:14

services at Auth0 International.

0:19

Welcome listeners

0:19

to episode number 11 of the

0:23

platform and presenting this

0:23

episode together with Jas.

0:28

Welcome back Jas.

0:30

Hey, Mike, good to see you again.

0:32

Yeah, great fun

0:32

already episodes number three

0:36

and a little bit compared to the

0:36

episodes I had with Ed Macosky,

0:41

we're gonna look at the future

0:41

of authentication of identity

0:46

management, which is great fun.

0:46

But before we do that, I really,

0:52

really, really want to talk

0:52

about how you do you actually

0:56

implement a solution like Auth0.

0:56

This is something I would like

1:01

to talk with you about at this

1:01

first part of this episode. Jas.

1:05

Great question. Mike.

1:05

Look, you know, the goal around

1:11

Auth0 is that we want to try and

1:11

implement and integrate the

1:15

platform with, you know, a

1:15

customer's application within 30

1:19

days.

1:21

30 days. Yes.

1:21

Okay.

1:24

And why say 30 days

1:24

is because, and I'm saying this

1:27

because, you know, it could be

1:27

could be simple and advanced use

1:30

cases. But just to give you an

1:30

example, if you have a standard

1:34

application, like for example, a

1:34

single page application, we have

1:40

all 50 SDKs. and using leverage

1:40

of the SDK, you can integrate

1:45

the login page within four minutes.

1:48

Okay, so to

1:48

understand this correctly, a

1:52

customer or a listener to this

1:52

podcast, has a platform. And he

1:59

is using, for instance,

1:59

Salesforce. And he is using

2:03

maybe a custom made application.

2:03

And he wants to have a portal,

2:07

he wants this front door to his

2:07

environment. And you're telling

2:11

me that is done in a sec.

2:14

It is done in four

2:14

minutes. Yes, because we have

2:17

all that we have all the SDKs we

2:17

have all the snippets of code,

2:20

we have all the necessary

2:20

information that you need, you

2:23

have to create an integration.

2:23

Now, there may be instances

2:26

where we don't have an SDK for a

2:26

very, you know, I would say

2:31

extremely bespoke application.

2:31

But still, I would say, under a

2:36

couple of hours, you have the

2:36

login box integrated. That's how

2:39

quick we can do it.

2:40

Yeah. I learned a

2:40

lot about the solution, because

2:48

we implement it and we have

2:48

discussions with customers. And

2:52

there happened something very

2:52

recently that you merged with

2:57

Okta. Right.

2:58

Correct.

3:00

And we have not

3:00

spoken about this in the

3:03

previous two episodes.

3:03

Listeners, we didn't talk about

3:06

this in our rehearsal, or the

3:06

script, but it just popped into

3:10

my mind. The difference between

3:10

the two solutions and how they

3:14

complement each other. Because

3:14

what we've been talking about is

3:21

really talking about the more

3:21

developer side of

3:26

authentication, right, and

3:26

that's the space where Auth0

3:29

sits. And that's really

3:29

different to what Okta does.

3:32

Correct. So, let me

3:32

try explain. So, Okta is is a

3:38

very well established

3:38

organization to provide identity

3:43

and access management solutions,

3:43

both for the workforce right and

3:46

for sign. Octa focuses on a

3:46

different audience, right the

3:53

audience for the Okta platform

3:53

is an audience who prefer the

3:59

integration to take place

3:59

through configuration, and that

4:04

configuration starts mostly on

4:04

the workforce side. So if you

4:07

look at any enterprise

4:07

organization, they have you

4:10

know, they could range from 10s

4:10

to hundreds or 1000s of

4:13

enterprise applications. And all

4:13

they want is the ability to have

4:17

single sign on and manage their

4:17

users very easily and also

4:21

integrate with these

4:21

applications very quickly. And

4:25

all the rules and all the other

4:25

flows and so on need to be done

4:29

in a very configurable manner.

4:29

Not code so if you look at IT,

4:33

IT like configuration, they don't like coding.

4:37

Okay, that's the

4:37

main difference. Yet, I realized

4:41

that we should mention Okta,

4:41

because in the example I gave

4:43

you was like, your tailor made

4:43

application and Salesforce,

4:49

which is a typical environment,

4:49

most of the time, a little bit

4:53

more complex, where you would

4:53

find an Auth0 like, or an Auth0

4:59

solution. To make it even more

4:59

specific, what kind of use cases

5:07

do you see? Are you exposed to

5:07

every day that customer face?

5:15

Where are you are very

5:15

successful with this solution,

5:17

your Auth0 solution?

5:19

Yeah. So Mike, so

5:19

I'll connect this before, again

5:22

into the when you asked me how,

5:22

what about integration and

5:24

deployment of Auth0? So then use

5:24

cases that tell you nine out of

5:29

10 times is, we have developers

5:29

building applications, right?

5:34

The login box, or the front door

5:34

is the last thing on their mind,

5:38

right? And they realize, Oh,

5:38

God, we've got literally two

5:41

months to go live. And we

5:41

haven't done this. So so they

5:44

come up, come to us quickly, and

5:44

they say, How can we quickly

5:47

integrate an identity and access

5:47

management solution? So that's

5:52

first that's, that's the use case, they need need to do something very quickly. And the

5:53

need to kind of use the code,

5:58

you know, to go and build

5:58

integration. So that's the first

6:01

thing. The second thing, Mike,

6:01

that we didn't talk about. And I

6:03

talked about, you know, the login box happens in four minutes. But the other thing

6:05

that's important is, you know,

6:08

how do you mind sometimes

6:08

there's an existing solution in

6:10

place existing users? How do you

6:10

migrate those? Yeah. So this is

6:14

the other use case that Auth0 is

6:14

really good at is how, you know,

6:17

we provide very flexible ways of

6:17

migrating those users.

6:22

What would be the

6:22

source of where you migrate

6:26

from, is that like an active

6:26

directory or something like

6:29

that,

6:29

it could be something

6:29

like that. Or it could be just

6:31

a, you know, database with

6:31

usernames, users and password

6:34

username and passwords, it could

6:34

be another identity and access

6:37

management solution on prem. So

6:37

it could be it could be a lot of

6:40

these solutions. We provide all

6:40

the hooks and all the ways to

6:43

integrate into these and pull

6:43

the users across into Auth0.

6:46

Now, Mike, here's where the

6:46

magic happens. We can do, you

6:50

can do the migration scenario,

6:51

if you're listening to the podcast, you can actually see him smile,

6:53

which is funny.

6:58

Because I am really excited about this stuff, because it's so clever. So we

7:00

could we could do is we could

7:03

migrate the users all at once.

7:03

But what we could also do

7:06

something called lazy migration.

7:06

So which means that once you've

7:11

migrated users, or once you

7:11

migrate your users, as they log

7:15

in into your app.

7:16

As they use the

7:16

application, right? It's like a

7:19

proxy in between?

7:20

Correct. So it means

7:20

no password resets, you know, no

7:24

disturbance, the user experience

7:24

is completely seamless.

7:26

Oh, wow. Yeah, I

7:26

do remember, these kinds of

7:31

solutions in the storage world

7:31

where you buy a new storage

7:34

solution. And it's, it sits in

7:34

the path to the old storage, and

7:38

every, every time you touch

7:38

data, it's it's being migrated

7:43

in the background. But actually,

7:43

I didn't notice that it actually

7:47

happened in the Auth0 solution

7:47

as well, which is awesome. You

7:51

might be on my days at EMC.

7:51

Okay, cool. Is there? Could you

8:03

share any numbers about the the

8:03

adoption of like, more like the

8:10

the Buy kind of solutions, the

8:10

Buy solutions, Auth0? Is there a

8:14

stark trend? are you growing

8:14

fast?

8:18

So, recently, we did

8:18

a survey. And what the survey

8:23

looked at was the propensity for

8:23

organization, to use the same

8:28

identity solution for their

8:28

second, third, fourth and fifth

8:32

projects. And what we found was

8:32

that, in the Buy use case, the

8:39

experience and the propensity

8:39

to, to use the same solution was

8:43

increasing, okay. Whereas in the

8:43

build, that was decreasing,

8:51

because when you build the first

8:51

time you're building for a

8:54

specific application. Exactly the second application

8:57

that they picked quite

8:59

different. So we saw a kind of a

8:59

reduce reduction in user

9:03

experience, and in a propensity

9:03

to use that same solution

9:07

Makes sense. And

9:07

that's even more increasing into

9:10

the future, which is a great

9:10

bridge to the second part of our

9:15

discussion in this podcast is

9:15

that is there. I would like to

9:20

know what is going to happen in

9:20

this world of identity

9:26

management, what are the things

9:26

that are going to happen in the

9:30

future? And then I'm talking

9:30

about the near future and maybe

9:34

a little bit more distant

9:34

future, but start with the near

9:37

future? What what's what's coming.

9:39

So Mike everything

9:39

that we do is probably all in

9:44

this space is probably driven by

9:44

the consumer and by the user.

9:47

Right? And what i see all the

9:47

users and consumers want, they

9:54

want frictionless access to

9:54

their services.

9:58

I love that word frictionless.

10:00

Right. That's what

10:00

they're looking for. Right? We

10:02

all want frictionless, right?

10:02

That's, that As humans, we lazy

10:05

we don't we don't. We expect

10:05

everything else, all the

10:09

complicated stuff to be taken

10:09

care of. And so you're asked me,

10:13

What do you mean by frictionless? I'm talking biometrics. Okay, I'm talking

10:15

passwordless. That's what I'm

10:20

talking about. And in how you

10:20

integrate into devices,

10:25

biometrics, for example. So for

10:25

example, you know, today laptops

10:29

phones have had biometrics, how

10:29

do you use those biometrics to

10:32

access your application.

10:34

But that's, for

10:34

instance, I got my iPhone, and I

10:36

use the camera to login. That's

10:36

what's your talking about.

10:39

Right? Correct. So

10:39

zero effort, because it's a

10:43

trusted device. So that's gonna,

10:43

you're gonna see an increase on

10:46

that. But also, you'll see

10:46

incredible, clever stuff coming

10:50

out. So you know, if someone

10:50

asked me the question of the

10:53

day, what if someone used a

10:53

picture? You know, for facial

10:57

recognition, you know, usually

10:57

clever stuff, like, you know,

11:01

the, the software looking at

11:01

waiting for someone to blink. So

11:06

they know it's not a picture. So

11:06

it's going to using all his

11:09

clever, ways of, authenticating

11:09

individuals, we look at gait and

11:14

so on, of what gait, you know,

11:14

how the person walks, for

11:19

example, silly walk, like, Yeah,

11:19

all over the world, for example,

11:23

you if your front house, your

11:23

door, right, you want to come

11:26

in, you want a camera, you know,

11:26

it recognizes that this is your

11:29

style of walking and posture, it

11:29

will open the door. So you'll

11:34

see all this development coming

11:34

very soon.

11:37

Okay, cool. I

11:37

actually, I'm not sure, maybe

11:41

I'm wrong, but I saw an example.

11:41

Usually, you log in, and you

11:46

have your, your name and your

11:46

password, and then your

11:50

authenticator, your one time

11:50

password, and they reversed it.

11:54

So it's your login name, your

11:54

one one time password, and then

11:59

your passwords, they were doing

11:59

all clever stuff. To lower the

12:04

load on the security system

12:04

itself. It's, it's, yeah,

12:09

probably a fairly simple way of

12:09

dealing with that kind of

12:13

problems.

12:14

Yeah, it is. And and

12:14

look, every use case is

12:16

different. Every application is

12:16

different, you know, and

12:19

depending on all the services

12:19

you're accessing, how how, are

12:24

the valuable services. So,

12:24

again, again, any identity

12:28

solution should be able to give

12:28

you a mixture, and a choice and

12:30

option, which one you want to

12:30

utilize during authentication.

12:33

Okay. So we

12:33

talked a lot about the

12:36

authentication of the user to a

12:36

system, we at Nalta love to

12:41

build IoT solutions as well, and

12:41

things have to authenticate as

12:44

well. And then we have, of

12:44

course, machines that are

12:47

talking to each other, and there

12:47

has to be some way of

12:50

authentication as well. What's

12:50

your view on that?

12:55

Look, this is going to be the area that we're gonna see the largest growth in

12:57

without a doubt, right? You

13:01

know, you're seeing the

13:01

emergence of 5G right being

13:05

launched, you're gonna see that

13:05

kind of spreading throughout the

13:10

industry, what you also see is

13:10

edge devices, and so on. And all

13:15

these IoT devices, these edge

13:15

data centers, while they're

13:19

gonna rely massively on is on,

13:19

you know, the ability to do

13:22

machine to machine

13:22

authentication, because Mike,

13:25

this is another opportunity for,

13:25

I would say, for threads to

13:29

increase if someone can mimic

13:29

another machine, then you know,

13:32

the gain entry into the system.

13:32

So, therefore, machine to

13:36

machine is not different, they

13:36

need to be identified, they need

13:39

to be authenticated and then

13:39

authorized to access certain

13:42

services. So, this is an area

13:42

where we will see a lot of

13:46

increase. So especially in the

13:46

will also in the domestic home,

13:50

heating systems, cameras,

13:50

sprinkler systems, they these

13:55

are all examples of machine to

13:55

machine and you will see an

13:57

accelerated hypergrowth.

13:59

And we have

13:59

becoming more and more dependent

14:01

on it. We already talked about

14:01

that. And it's really sensible

14:05

data that we're talking about.

14:05

So it makes sense to protect it.

14:10

This is really inspirational. I

14:10

think this topic we should talk

14:14

about a little bit with a little

14:14

bit more depth in the

14:18

masterclass that we're going to

14:18

organize to seventh of October,

14:21

and I expect people to ask

14:21

questions about this because

14:24

it's tangible. And on the other

14:24

hand, it's like, what is

14:29

happening, we are aware that we

14:29

have to protect, but what is the

14:33

best way to do it and what kind

14:33

of risks are there?

14:37

So one quick point on

14:37

that on that we probably can

14:39

touch on the masterclass is, the

14:39

maintenance of IoT devices,

14:45

sometimes, you have you have the

14:45

ability for machine to machine

14:50

but sometimes you need a human

14:50

engineer to access these for

14:53

maintenance purposes. So, again,

14:53

we need to talk about, the

14:57

authorization levels

14:57

authentication is one thing, the

14:59

authorization levels, how

14:59

engineers will gain a different

15:02

level of access to those edge

15:02

devices and IoT devices. So

15:06

again, we can talk about

15:06

protocols. We have talked about

15:08

all the depth in the master

15:08

class.

15:11

Thank you. Thank

15:11

you so much. Jas. We're already

15:14

at the end of Episode Number 11.

15:14

And if you're watching on

15:21

YouTube, you probably recognized

15:21

it. Or saw it when you're

15:25

listening to the podcast,

15:25

obviously not. But I chose a

15:29

background and we like two fire

15:29

houses it is like crazy. It

15:33

sounded like a great idea but

15:33

yeah, we'll recover in the final

15:39

episode, episode number 12,

15:39

where we're going to talk about

15:42

the great balancing act. Thank

15:42

you, Jas. Thank you, listeners.

15:47

See you next time.