In the fast-evolving landscape of digital connectivity, one of the biggest challenges service providers in highly regulated industries face today is ensuring that authentication and API authorization mechanisms are implemented correctly. At the same time, they are required to meet high expectations of customers for a seamless experience.
Traditionally, authentication and API authorization functions have been combined into one system architecture, often through a managed service provided by a vendor. However, this restricts how service providers can customize their identity and access management systems to deliver a consistent brand experience.
To thrive in the competitive environment, service providers are increasingly opting to build their own authorization servers in-house. They are taking control of their identity and access management systems to deliver a frictionless and differentiated experience.
Discover examples of how well-respected brands have built their fully compliant and secure authorization servers by offloading the protocol processing and management, accelerating the growth of their digital services.
So as I was introduced, I am Adnan, I'm the co-founder of Authlete, and today we're gonna be talking about building your own authorization server. Liberate yourself from vendor limitations.
Just the, yeah, so I mean, this is, this is a, you know, this is something that we all talk about, right? I mean, whenever we wanna deploy a new technology or we want to, especially in the identity space, there's always a dilemma that says, do we buy or build? And you know, earlier yesterday when I was at another talk, I, I really liked somebody saying that, Hey, should I SaaS it or not SaaS it or build it?
So I just, you know, last minute, incorporated the slide. And so when, when there's a dilemma in terms of should I buy it or build it, and you reach a conclusion saying that, okay, I'll buy it.
But, so you decide to buy a SaaS service, you've got a solution within your budget, and you are able to go live within your schedule and it all looks good, right? But recently what we've heard from many of our partners and customers is that once you buy a service and it's up and running and everything looks good, you start to realize that your future really becomes dependent on your vendor's roadmap.
So when you want to make a change or when you want to support a new feature, or when you wanna make any changes, you're like, ah, you know, you go back to your vendor and you said that, oh, can you support this? Or Can you support that?
Or, this is what I want to do. And sometimes a vendor is like, yeah, yeah, sure, we'll do that for you. Or sometimes they'll be like, well, we can't do it right now because it's not on our roadmap. And then you start to realize that, ah, okay, well I guess I'll just have to wait. You don't have control over your brand identity. So when you're talking about your authorization server, your vendor obviously hosts your authorization server. It's a managed service and it's very convenient because, you know, they manage the whole thing.
But what really happens is that when your users access your service, you're sending them over to your vendor's domain, even for a split second, because they're obviously managing all the access token management. So some companies who become to who, who, who start to become very, you know, conscious about, you know, having their brand identity, you know, in place, they start to feel like, Hey, we don't really wanna send our customers to the vendor's domain, even if it's for a split second. We want to keep them all within their service domain all the time.
You don't have control over your touch points between your users and service providers. Again, you're dependent on your vendor because your vendor is providing you with a managed service. So how do your users interact with third party services?
Yes, of course many of your vendors will provide you with that information, but you have to ask for it or it is provided to you by a third party. It's not something that you have full control over. And when you think about all of the above, these are pretty critical factors that you start to begin to realize that yeah, you're dependent on someone and you wish you would've had control over all of these aspects yourself. So let's do another review. If you buy a service, the pros are faster time to market.
Of course, you know, you get a managed service out of the box. It's takes, it takes care of all of your authorization workflows, and it's better suited actually for a new or greenfield solution without established user journeys. The challenge is, of course, is that outsourcing limits customized options. We all know that now requires retrofitting existing UX in what the vendor provides you with. So the vendor would provide you with templates and will tell you that, yeah, yeah, it's customizable and you can do a lot with it.
But again, it's within those templates that the vendor would provide you with implementation, implementing changes are beyond standard and they're limited deployment options of course. So some people might say, you know, I'm not gonna buy it, I'll build it. So what happens then when you build it, you're like, well, you know, I want to build it, but I'll need experienced resources. I'll need more time. I'll need to think about maintaining and supporting it on a long-term basis.
That means I'll need to have, I'll need to invest in a team and to keep updating on supporting the evolving standard and specifications is again, a challenge. So the pros are that, yeah, you have complete control over what you're building, but the challenges are that the security is not a one-off task. Need to have a team of experts and constantly stay on top of changing landscapes of compliance and security standards and the time to market will take longer. And that's where we come in. It's a buy and build model.
It's a little bit of a best of both worlds and it kind of sounds very good, but what this actually means is that you buy the components, the building blocks from us, and you build it yourself. That's our model. We empower our customers to build this yourself. So you have full control over the UX and the user data. We have flexible deployment models, either on-prem or on the cloud. It seamlessly integrates into existing ecosystem. So somebody might say that, Hey, but you know, I'm, I'm, I'm using a vendor solution. How do I use Authlete or I, I have my own.
Well, it it, we, we, we can integrate with almost any third party service because we're an API away, and I'll explain this in the next slide. I can build my own authorization server and have Authlete manage the tokens based on open standard and specifications. I can have full control and think about this.
You know, a lot of people might say that, no, you know, I'll build it myself. But when you build it yourself, you know, do you really have developers and experts who know about FAPI?
You must, you must have heard about FAPI or CIBA, mTLS, DPoP, SD-JWT, the OpenID Federation and you know, so many of the other standards that start are beginning to become more and more important while you build your own authorization server. And so with Authlete, you buy the components, you build the authorization server yourself, and you offload all of this complicated and difficult bits to Authlete who would then instruct your server in how to manage your tokens based on these open standards. The blue part is where Authlete sits. So we sit in the backend of the backend of your system.
What that means is that it, the integration with relying parties using the latest OAuth and OIDC standards, we don't use any user credentials or attributes. So we don't have access to your database per se. We don't manage or have access to any of your user information. You can have your IAM or your login. You can use your existing IAM and login and we work with any third party solutions including your API management gateways because we communicate with your authorization server through an API.
So you'll just have to build a few endpoints and we will communicate through those endpoints and empower your authorization server to be fully compliant with the latest standards almost immediately. So we have been in the business since 2016, it's almost been eight years. So we are specialists in this field. If many of you may have heard about FAPI, which is the financial, which is, you know, used to be called the Financial Grade API. And we were one of the first to be fully compliant and certified.
And many of our team members, many of our senior team members of whom Joseph and Justin are over here at the EIC conference, they have been contributing in writing the specifications for the OpenID Foundation. Taka Kawasaki, our co-founder has also been very much involved and active in contributing to industry best practices. We have a growing list of customers around the world. We have around a hundred large enterprise customers who have looked at Authlete and said, yes, we wanna build this ourselves. We do have the resources, we do have the funding, but it is after all quite complicated.
So if we can build it ourselves and have full control, but leave it up to the experts in doing all the heavy lifting is really something that many of these companies realize that wow, this is the best of both worlds. And I don't, at the end, this is the last slide, but I'd like to talk to you about a use case with Nubank, which is one of the largest digital banks in the world based out of Brazil. They have over a hundred million account holders today. And they came to us and they said, we've looked at different solutions, we've looked at different vendors.
Nubank prides itself in building everything in house. They don't buy from vendors, but when it came to their authorization server, they needed help. So they were looking around and they said, ah, you know, we can buy from Authlete but build it ourselves. Which means they can still be true to their fundamental values of building it themselves, but they were able to offload the complicated bit to Authlete. And so I'd like to end my presentation with a video from Nubank, which is a testimonial in terms of how they have used our solution and benefited from it.
So if you can please play the video please. Oops. Can you get sound? Okay. So I'm sure we'll be able to sort this out. We have a few minutes. Okay.
Okay, great. We'll get the sound working.
Yeah, I was supposed to embed this video, but my name is Luciana Ra. I am the general manager for Open, open, open Finances, please. At Nubank. They feel that it's not right to share data, so and so forth. All we really need to, Okay.
Yeah, so this is the video we had. We had pieces link, and that's why we should have embedded this video, video into our presentation. But this is a link and it's going through over the internet and therefore I think we're just making some adjustments. I was ask you sure while we're waiting. Yeah. You talk about the quick deployment. Yeah. How your customers roughly, you know, how quickly can they get things up and running?
So, so, so Nubank is a, is a really good example, a very large organization and from first contact to when they went live, it literally took them eight weeks. So that's the power and speed of how you can build something so powerful in such a short period of time. Anyone got a question while we're waiting for our YouTube to Yes. Kick in. Yes. What would be the optimal customer profile? What should be in place in an ideal situation Sure. That they benefit most from your, okay, So, so I think, I think there are few customer types.
One would be a bank like Nubank who are, so it's, it's kind of interesting in the sense that people who want to build an authorization server, an IDP identity management systems themselves would be more inclined to work with a company like us because we're empowering our customers to build it themselves. It's kind of different to how other vendors approach their customers by saying that, give it all to us, we'll manage it for you. We're saying do it all yourself. We will empower you to do so.
So companies who would like to build it themselves will be more inclined to come to see how we can add value to their services. Then there's also system integrators who may want to who, who may want to provide the service to their customers. And so they would, they would, they would think our components will be very valuable for them. Yeah. Okay. Do we have the video now? Sure. Great. Thank you. Then we'll do your question. My name is Luciana Carla. I am the general manager for Open Finance at Nubank. Security is definitely a key piece in delivering open finance to customers.
At times they feel that it's not right to share data, so and so forth. So we really need to install a system that inspires trust and that it works to customers. When we look to all the protocols, that was something that we didn't have internal knowledge, we would have to invest a lot to build that from scratch Time-wise, it didn't make sense. And also it's a bit far from our core. Everything that we do internally when I look to the markets, we found that Authlete was the best company out there with the broader experience on that experience in other markets as well.
And the scalability component is definitely a key to us. We wanted a company that had deep knowledge in processing all the security standards API of 2.0 Open I other certifications. And we did have regulatory dates that we had to comply with. And when looking to our provider, we really, really wanted to find someone that was very connected with our principles, the inter engineering principles mostly. And that could scale as fast as Nubank has done.
We like to build most of the things internally because it's really important for us to have control of the full experience and deliver something to customers that it's really great. We have one opportunity to really delight our customers once we lose this opportunity. It's really hard to convince our customers to interact with the bank again. And one of our principles, it's, we want customers to love us fanatically. And that's a key response. We need to scale, we need to deliver the best service, we need to be available and reliable a hundred percent of the time.
And that's when Authlete comes to place. Like in terms of the speed, technology, availability, reliability, those were definitely things that we were looking at when choosing a partner in Open finance. That it's a strategic pillar, a strategic agenda for us at Nubank in 12 months, we got more than a million consents. That's a huge number. So it was really, really important. Someone that in a matter of a year could go from zero to 1 million and in less than two years ago, from zero to 10 million customers.
And hopefully it was definitely the, the provider that we felt was the right one to embark in this journey with us. Yeah. Thank you. Thank you. Was there a question over here?
Yeah, yeah. We still got a little bit of time. Sure. I've got a question about open banking. Do you support Australian open banking standards? Yes. You do. Okay. Thank you. Australian CDR. Yeah. Okay. Thank you.
Okay, well thanks very much Yeah, Ali for that and I'm glad we got the video to work. Yeah, absolutely. Thank you very much for that. Alright. And thank you for your time. Thank you.