Auth0 Bluetooth Sig Case Study
Formed in 1998, the Bluetooth SIG is the not-for-profit trade association that
oversees Bluetooth® technology. In support of more than 34,000 member companies,
the Bluetooth SIG facilitates the collaboration of its members to create new and
enhanced specifications that expand the technology, drives global interoperability via a
world-class product qualification program, and grows the brand by increasing the
awareness, understanding, and adoption of Bluetooth technology.
Industry: Non-Profit
Region: AMER
auth0.com 01
CASE STUDY
Bluetooth SIG needed a modern identity solution in order to meet the challenges of
expanding collaboration, providing secure access, and ensuring organizational
compliance for over 150,000 users. The organization wanted a standards-based
authentication solution that could meet present and future needs. They decided that
OpenID Connect and OAuth 2 met these requirements.
Granular access to the various services Bluetooth SIG provides was also needed. Users
are assigned member levels based on their organization. Organizations are grouped into
three member levels:
Adopter – the basic level of membership that allows an organization to license and use
Bluetooth technologies in their products.
Promoter – the member companies that oversee Bluetooth SIG have this level of
membership and act essentially as the board of directors for the organization.
Naturally, the different member levels meant different levels of access were needed to
Bluetooth SIG services. Adopters, for example, would only need access to view the latest
approved specification, while Associate members would participate in contributing to
working drafts and have privileged access to unreleased documents.
The Bluetooth standards are defined by various working groups within the organization.
A highly granular permissions system was needed to ensure compliance and limit legal
liability. This was non-negotiable and whatever solution the team would recommend
would need to work with the existing system that enforces these roles.
Bluetooth SIG already had a homegrown authentication solution but it was not meeting
the needs of the organization. The engineering team, led by Jeremy Syme, decided that
it was time to implement a modern authentication solution into their ecosystem. The
team evaluated whether to build or buy, and quickly determined that buying was the way
to go. The engineering team did not have the resources or expertise to build and
maintain another homegrown solution, so after evaluating various options, they decided to
entrust Auth0 as their identity and authentication provider going forward.
Jeremy Syme
Director of Systems Engineering
Challenge
Bluetooth SIG started out with a single homegrown ASP.NET application. At the time,
they used Windows Forms based authentication to provide a secure login experience for
their users. This worked while they had just a single application to maintain, but as the
organization grew and additional services were deployed, it became apparent that this
solution was not going to cut it.
The biggest feature the engineering team wanted to implement was Single Sign-On
(SSO). Without this, the various services, both homegrown and SaaS, would have different
authentication systems, workflows, and users. The overhead of managing all of this
would be highly impractical. Maintaining their own authentication infrastructure, patching
security holes, and fixing authentication related bugs would take time and resources
away from focusing on developing features core to Bluetooth SIG’s mission.
The engineering team evaluated their existing solution to see if they could accomplish
their goals and discovered that it would be a complex task that would still not be
satisfactory in the long term. They needed more than an authentication system; they
needed an identity management platform.
Guru Nagaraju
Software Development Manager
Identity-as-a-Service
Secure authentication alone was not enough. Bluetooth SIG engineers decided that a
modern identity management system was needed. They first evaluated whether to build
a solution in-house, buy or license an existing provider, or configure an open-source
solution. It was quickly and unanimously decided that buy was the way to go.
With the decision to buy established, the engineering team set out to evaluate options
and offerings. The criteria not only included technological capability, but also licensing
and support considerations. Two companies were identified as possible matches, Auth0
and a competitor.
The team reached out to both. Part of the evaluation process was building a
proof-of-concept to demonstrate capabilities with both Auth0 and the competitor. The
competitor fell short by lacking OAuth 2 capabilities and a licensing model that did not
make sense for Bluetooth SIG. Auth0 presented the winning playbook by meeting the
technological, licensing, and support needs.
Jeremy Syme
Director of Systems Engineering
Auth0 was chosen as the identity platform for Bluetooth SIG. The platform was chosen
not solely for technological capability, but also for state-of-the-art security, top-notch
documentation, excellent customer support, and a superior licensing model that was a
right fit for the organization.
The return on investment for Bluetooth SIG was measured primarily in opportunity cost.
Every engineer tasked with building and maintaining the
identity solution would have been an engineer taken off a project core to the
organization’s mission.
Technology
On the technology front, Auth0 met all of the needs of Bluetooth SIG. Having the
capability is one thing, but the ease of integration cemented the choice for the
engineering team. The organization already had various applications, both homegrown
and SaaS, and Auth0’s modern identity solution was implemented on top of the existing
technology without any code changes.
With Auth0, the team was able to integrate Single Sign-On (SSO) and modern
authentication on top of the existing legacy implementation. This allowed the team to use
their existing database of users which meant they wouldn’t need to inconvenience their
members with password resets or downtime. This also allowed the engineering team to
define a roadmap for migration that they felt comfortable with and fell in line with their
plans for the future.
“Implementing the Auth0 identity solution took a single digit number of days versus the
estimated months to build a solution in-house.”
Security
Bluetooth SIG needed an authentication solution they could have full confidence in from
both a security and an access standpoint. On the security front, Auth0 met the needs by
providing a secure cloud-based infrastructure that supported encryption, password
hashing, and attack mitigation. Support for standards-based authentication protocols like
OpenID Connect and OAuth 2 ensured that Bluetooth SIG would not experience vendor
lock-in.
Bluetooth SIG needed a highly granular permissions system for their users. With various
member levels and working groups across the organization focusing on different parts of
the Bluetooth specification, it was important to get access control right. The organization
already had a permissions system defined and Auth0 was able to use these existing roles
and permissions seamlessly.
Documentation
Top-notch documentation played an important educational role for Bluetooth SIG
engineers. Authentication and identity management are complex topics by themselves,
but compounded with various standards and implementations it can be a daunting task
to understand and implement correctly.
Auth0 provided quick start tutorials paired with real world code samples which allowed
the Bluetooth SIG team to quickly build and experiment with different features and
configurations. Actual code samples that could be downloaded and run were key in
helping the team understand how to put all the pieces together and how the real-world
implementation would work for their platform. In-depth guides and blog posts provided
additional knowledge on how-to’s and best practices for optimal security and
performance.
Licensing
Auth0’s licensing model was a perfect fit for Bluetooth SIG. Rather than charging a fee for
every user each month as is typical in the SaaS industry, Auth0’s licensing model is
based around active usage. This means that an organization using Auth0 only incurs a
cost when their users actually log in.
The majority of Bluetooth SIG members fall in the Adopter category. Out of the 150,000
users, the majority typically log in a few times per year to get the latest documentation
and standards released by the organization. A pay-per-user licensing model did not make
sense in this regard. Paying for active users made much more sense.
Support
A concern that the management team had with offloading authentication and user
management to a third party was unexpected downtime. Auth0’s track record of
transparency for incidents and downtime as well as community outreach helped put the
management team at ease with trusting a third party with one of the key aspects of their
platform.
Jeremy Syme
Director of Systems Engineering
Looking Ahead
Auth0 met Bluetooth SIG’s identity needs of today and is also ready to tackle future
needs. Looking ahead, the organization plans to add enhanced security features like
Multifactor Authentication and OAuth 2 implicit flow for greater control. Auth0 supports
both of these features out of the box and will be there to assist and support at every step of
the way.
Eventually, Bluetooth SIG is planning on migrating their users from the existing database
and moving to a full standards-based OAuth and OpenID Connect-capable infrastructure.
Here too, Auth0 is poised to delight with comprehensive migration tools and support to
ensure a smooth transition.
“Auth0 was able to solve our immediate needs with Single Sign On
and integrating 3rd party applications, but looking ahead into our
roadmap the Auth0 identity platform will help us with future
projects by securing our APIs.”
Guru Nagaraju
Software Development Manager
Conclusion
Meeting the technological needs for modern identity and authentication is important, but
it is not enough to just have the tools. Documentation that clearly explains, shows, and
educates developers on how to implement authentication the right way, support and
transparency for when things go awry, a fair licensing model, and pleasant developer
experience drove Bluetooth SIG and its engineering team to Auth0.
Jeremy Syme
Director of Systems Engineering
ABOUT AUTH0
Auth0, a product unit within Okta, takes a modern approach to identity and enables
organizations to provide secure access to any application, for any user. The Auth0
Identity Platform is highly customizable, and is as simple as development teams want,
and as flexible as they need. Safeguarding billions of login transactions each month,
Auth0 delivers convenience, privacy, and security so customers can focus on innovation.
For more information, visit https://auth0.com.