Auth0: Mistakes to Love
Getting it right: The mistakes
The most commonly cited mistakes in build scenarios had to do with underestimating scope, timing, resources required, and complexity:
“The biggest technical mistake was underestimating how much time and effort it would take to develop a secure and robust [identity and access management] solution. It simply took up way too much time to ensure we were secure enough and could integrate with other identity providers”.
The second most commonly cited mistakes in build scenarios involved designing, planning, and testing:
- “Not making a 100% complete list of regulatory and industry (healthcare) constraints applicable”.
- “Ignoring legacy systems that would be part of a larger implementation plan”.
- Not having a “clear map of internal services/ applications and dependencies”.
- “Incomplete assessment of infrastructure components”.
Mistakes in build scenarios
The most commonly cited mistakes in buy scenarios had to do with integration of the identity solution to apps as well as to other parts of the architecture surrounding the solution.
- “Integration to custom-built solutions has been challenging”.
- Interfaces with other systems, such as customer service solutions.
- Integration with cloud and on-premises platforms.
The second most commonly cited mistakes in buy scenarios involved vendor business issues:
- Problems with the vendor’s roadmap direction.
- Tech support.
- Feature options.
- Not based on standards.
Mistakes in buy scenarios
Other elements you are deciding on with buy versus build:
- Skill, roles, and resources were much less of a problem in buy scenarios versus build, and the problems were of a different nature. In build scenarios, the primary issue was internal skills. In buy scenarios, this still mattered, but there was also an issue of external consulting resources. For example, having to rely too strongly on external expertise to get the solution running.
- Poor execution and implementation mistakes that were present in the build scenarios virtually disappeared in the buy scenarios.
- Scope estimation was less of a problem in buy scenarios, representing only 7% of mistake mentions compared with 20% in build scenarios.
Mistakes in the architecture surrounding identity
Firstly, the most commonly cited mistakes in terms of the architecture surrounding the identity solutions had to do with designing, planning and testing:
- Not properly assessing the current (and sometimes inherited) environment.
- Considering identity factors like SSO, multi-factor authentication and social logins too late versus earlier on in development.
- Not taking the time to fully understand the identity solution and map out objectives.
- Starting too big versus too small and then scaling. Also not testing small bits and then scaling after successful tests.
Moreover, mistakes mentioned in the architecture section exclusively:
- Resiliency, delivery model, microservices, and continuous delivery models.
- Overall platform standardization.
- Storage of user names and passwords, other data issues.
- Cloud versus on-premises considerations.
Finally, there’s much more in the complete and free ebook “Mistakes To Love: A Survey of Identity Mistakes”. Take the opportunity to download and read whenever you want or consult whenever you need.