enterprisesecuritymag

FusionAuth: CIAM by Devs, for Devs


Brian Pontarelli, CEO, FusionAuth

To web and mobile app developers the world over, FusionAuth—a free-to-download customer identity and access management (CIAM) solution—must feel like a godsend. After all, they can download and install the identity platform with a single command, integrate it with any codebase, run it on any platform, and deploy it on any server, from anywhere in the world in minutes. By removing the challenges to deploy, test, and integrate the platform, FusionAuth has made it simple for developers to discover the robust identity management features it delivers. The developer community has taken notice: FusionAuth has been downloaded by over 66,000 companies and developers across six continents since the Identity as a Service (IDaaS) solution debuted last September.

The road traveled by FusionAuth, however, hasn’t been the most direct or smooth. In fact, the genesis of FusionAuth came from challenges they faced while struggling to integrate existing identity systems with their successful profanity filter and moderation solution CleanSpeak. FusionAuth CEO Brian Pontarelli explains, “Our CleanSpeak solution was built from the ground up to meet the demanding needs of modern applications, but it took an excessive amount of time to integrate it with existing CIAMs. They were clunky, bloated solutions with complicated configurations and vague descriptions. Designed decades ago, they relied on old frameworks and archaic directory concepts. Developers working with new and powerful platforms were getting saddled with outdated tools and struggling to integrate CIAM features. We decided to build a new next generation solution and avoid all the old technology and terminology.” Staying true to this vision, they replaced legacy terms such as directories, subjects, and object names, with understandable terms like users, applications, and roles that make sense with modern application architectures. The Colorado-based CIAM solution provider spent nearly four-and-a-half years working with their existing enterprise-level clients to identify, develop, and battle-test identity features in high-volume, real-world scenarios.

API-First Effort with Comprehensive Documentation

On this quest to modernize and simplify CIAM for developers, FusionAuth focused on creating an API-first solution. All the features and functions of the platform, including the applications, tenants, integrations, reports, emails, audit logs and user interface (UI), rely on the core API that is openly available for developers to build upon. This underlying API structure is one of the reasons so many developers choose FusionAuth as their identity solution. “We provided the most essential elements of any identity solution out-of-the-box without excessive code bloat. By exposing the full API to developers with clear and detailed documentation, we allow them to build upon our secure foundation and add the unique custom features they need,” explains Pontarelli. The team regularly receives compliments on the comprehensive documentation they provide for their APIs.

This foundation for development also opens up a valuable back-and-forth exchange with developers. Their active and growing community in GitHub, Stack Overflow and Slack has provided essential use cases and feature suggestions as system architecture strategies evolve. “We are an open community; anyone using the product can ask questions, provide feedback, and request APIs. We use this feedback and interaction to evaluate and select new features,” says Pontarelli.

Modern Security and Performance

By working with the developer community, FusionAuth is able to improve the platform and maintain the essential underlying security and performance that is vital to identity and authorization solutions. Pontarelli states, “In traditional open-source solutions, a community adds features as they need them, but few pay attention to the deeper security or efficiency of the system. With FusionAuth, our community guides where we go next, and we make sure all new features are built rock solid without sacrificing security or performance.” The FusionAuth team regularly conducts full-scale internal security audits and performance testing to ensure that every facet of the platform delivers the enterprise-level vision of the platform. “The same workflow is used for developing every API in FusionAuth,” adds Pontarelli, “We distill every new feature down to its basic elements and build them in the best way possible.” By focusing on efficiency at the most basic levels, FusionAuth is ready to seamlessly manage authentication, authorization, and security for anywhere from 1 to 100 million users.

Features Built for Modern Devs

From the beginning, FusionAuth has focused on providing a solution for developers. For example, FusionAuth can be installed easily on any system locally without cumbersome provisioning keys, dev accounts, or configuration acrobatics. The local installation includes the complete API for login, registration, passwordless & social login, MFA, SSO, reporting, analytics, and advanced user management features. There is never feature-crippling or blocked access to premium features. This gives developers the flexibility to build and test on FusionAuth’s APIs even if they lack consistent internet connectivity. The full solution is accessible and can be easily tested and migrated to a full production environment when ready. Current cloud-based SaaS solutions require unique configurations for development and production environments and constant connectivity for any use.

Single-Tenant Security

Unlike mass-market solutions, FusionAuth—deployed on-premise or in a private cloud—delivers true data isolation as a single-tenant solution. This eliminates the possibility of data leakage between unrelated companies, whether by accident or through a cyber attack. For additional security, developers can implement a firewall at any layer to protect their data from unauthorized access. Furthermore, FusionAuth’s single-tenant architecture allows for easier compliance with complex regulatory restrictions in many industries and countries. FusionAuth facilitates compliance with Germany’s Bundesdatenschutzgesetz, Australian Privacy Principles, Canada’s PIPEDA, and the European Union’s GDPR, among others. Since every application has varying security requirements, FusionAuth enables its clients to pick the level of security they need and adjust accordingly when threats emerge or evolve.
Pontarelli says, “Developers can even use different password schemas for different groups of users, making it possible to unify multiple identity management systems into one efficient platform.”

FusionAuth provides all the core features of an identity provider: registration, login, passwordless login, social login, password hashing, password constraints, email templates, SAML support, OAuth, OpenID Connect, and more. It also provides additional benefits such as localization, reporting, analytics, user segmentation, user search, and a robust user management UI. The localization element is particularly useful for companies that need to communicate in multiple languages. FusionAuth makes it possible to easily communicate with their customers in any language with customized HTML and text email templates for each supported language.

Enhancing Authentication for the Music Industry

Since launching into the market less than a year ago, FusionAuth has been embraced by companies like DataStax, StrategyCorp, and Deutsche Bank. One client, Media Science International (MSI), immediately recognized the value of FusionAuth’s white-labeled identity capability to customize the branding across their implementation. MSI specializes in digital watermarking solutions for the recording and music industry. They needed to add a robust authentication and authorization system to their software. One of MSI’s largest customers, Universal Music, used their own corporate Active Directory, and wanted its employees to be authorized while logged into the Media Science International software. FusionAuth delivered a federated login system that allowed Universal Music employees to easily log in through the company’s Active Directory. This allowed the employees to use their corporate credentials and secure access since their Active Directory is only accessible via a VPN. Meanwhile, employees of other organizations were still permitted to authenticate directly with MSI using FusionAuth seamlessly. The needs of every end-user were fulfilled with a single system.

Ready for the Future

It’s no surprise that FusionAuth has been accepted quickly by the developer community, as well as earning a place in the IBM Bluemix portfolio of solutions. However, the company does not plan to rest on its laurels. They continue to add new capabilities and features to the platform, most recently including passwordless authentication, SAML v2 support, cross-domain identity management (SCIM), and integration of WebAuthn to reduce friction in the registration and login process. FusionAuth is also developing a password storage security model called reactive hashing to enable passwords to be stored more efficiently to reduce computer processor loads while maintaining the strongest level of security. “Hashing algorithms are typically designed to be slow and hard to crack, so we leverage stronger password strategies paired with strong algorithms to enable fewer servers to handle logins and reduce overhead costs for customers,” says Pontarelli. Just like with every other feature, FusionAuth will test and scrutinize the security considerations of reactive hashing before integrating the feature. “We know that by providing a secure and efficient platform, we can reduce the costs and time to develop authentication systems, substantially improving the customer’s ROI,” concludes the CEO of FusionAuth.

Company: FusionAuth
Headquarters: Denver, CO
Management: Brian Pontarelli, CEO