What's in a name? that which we call a rose
By any other name would smell as sweet.
- William Shakespeare, Romeo and Juliet
Well… if only it were that simple 🙂
Identity and its management have become more important than ever in today’s world, with thousands of applications launching every month. An Identity and Access Management system is a framework of business processes, policies and technologies that helps manage electronic or digital identities. It also defines who has access to the systems and the nature of that access. Online identities are as good as the paper identities used in real-life scenarios (sometimes digital imprints of the same), whether it is
Just as a wrong identity boarding your flight can cause a hijack, a wrongly authorized user can cause havoc on your applications and supported systems.
With multi-tenant systems, this plays an even more crucial role as the data of one organization should be segregated and protected from the users of other organizations.
Hence identity and access control becomes a very significant part of the system.
Well, having worked with a lot of applications in different domains, I realised there are various kinds of authentication systems that teams work with across applications. Some are proprietary code bases, some open source, managed systems or even hybrid models.
With a wide range of tools available, it becomes difficult for engineering teams to make a quick decision on what to opt for, and they spend a lot of time hunting for the right solution.
Having faced a similar challenge in one of our recent projects, I thought it might be a good idea to document our learnings, especially for early-stage startups, to help them make quicker decisions.
When looking at IAM (Identity and Access Management) tools, I feel these are the main consideration points for any team and specifically SaaS startups:
We too had multiple constraints, especially with respect to cost, time to market and flexibility. Therefore it became important for the team to do some research and make an informed decision.
There were a lot of libraries and solutions that we explored for our use case - both managed and unmanaged, as well as open source vs paid. Here is a quick snapshot based on the earlier defined parameters for a few of the tools and frameworks.
During exploration, we realized that for our use case, managed solutions would have their own limitations in terms of what and how much we could configure. Also, since cost was another big factor, we decided to go for an open source solution.
Passport is a middleware for Node.js that makes it easy to implement authentication and authorization. It works well with the MEAN or MERN stack.
There was just one limitation with the library: our service using the code had to be written in Node.js. Since we follow a microservices architecture, that was not really a bottleneck for us.
For simple integration with the library, check the Passport docs or read this blog.
Our integration with Passport.js is up and running in production, and a lot of users have been using the sign-in/sign-up functionality with local auth and Google/GitHub SSO.
Overall Passport.js turned out to be a great solution for our IAM scenarios and we have not yet found a use case that we were unable to solve with it. Whether you are building your first login page or are an expert in all things identity, the documentation will help you understand Passport and use it in your applications. Therefore, I would strongly recommend startups who are looking for a quick solution for identity management to use this library.
When I discover who I am, I’ll be free.
- Ralph Ellison, Invisible Man