Developers who stop by our conference booths frequently say “We wish we had known about Stormpath a year ago before we started our project.” Fortunately, it’s actually easy to switch out a homegrown identity service to an Identity API.

When they first scope out a new web or mobile application, engineering teams often choose to build Identity Management in-house for the initial release. This happens for a variety of good reasons:

  • Teams may underestimate the time and effort (and therefore expense) of building a fully-featured user management service.
  • They may underestimate the amount of security infrastructure required to do authentication the right way.
  • They might be budget-constrained and assume that a 3rd party service would be cost-prohibitive.
  • Their company may have a “Not Built Here” culture that prevents developers from using external services.
  • There are many reasons “proof-of-concept” or homegrown authentication services make it into the actual product on launch day. When does it make sense to revisit?

    The Burden of Authentication Maintenance

    Post-launch, authentication – and particularly authorization – features can cause maintenance headaches. Business requirements expand, and functionality gets bolted on. But maintenance headaches also strongly affect the operations teams. Ops has to ensure the necessary availability and scalability to provide a positive experience for end users. Spiky, event-driven usage patterns can really wreak havoc on Identity infrastructure, and not every ops team wants to take that on.

    Why Teams Switch to an Identity API

    Fortunately, the decision to roll your own user management is not irrevocable; you can still swap in an API service like Stormpath. In fact, the majority of our customers did just that, and here’s why:

    Cost savings: User management is one of the highest-risk areas for cost overruns, both for the maintenance phase and initial development.

  • Functionality: As teams continue to build out the Identity feature set, things that seemed simple on the surface reveal themselves to be much more complicated. This is particularly true when it comes to advanced features like multi-tenancy for your customer organizations, token authentication, client-side authentication for mobile, and API key management.
  • Focus: They want to free developers to work on the core features of the application.
  • Security: Most web applications fail to safeguard user data adequately. Even if they are secured correctly, security maintenance is a heavy burden.
  • It’s easy. Seriously.: Our customers are often surprised that Stormpath can replace their existing, homegrown identity service in a matter of days or weeks, depending on the environment. And because we do all the upgrades, once integrated, it’s very low maintenance.
  • Need to Upgrade Your Identity Service?

    To switch or not to switch? If you struggle with this choice, our new white paper may help; Of course, an outside Identity Management API is not for every team or every project. There are valid reasons why you might not want to swap out your homegrown approach. The white paper examines those reasons as well.

    Download our new white paper, “User Management for Web and Mobile Applications: Why Teams Replace Homegrown Identity” here (registration required).

    If you would rather have someone email the white paper to you directly, just drop us a note at [email protected].