A CEO has to deal with many make-or-break decisions in a company’s lifetime. An important decision that has been facing me for the last few weeks – when is Descope’s official birthday? We were incorporated on April 1, 2022 (no joke) but we came noisily out of stealth on Feb 15, 2023. Since there’s no calorie counting on the Internet, I’ve decided to eat two virtual birthday cakes.
In this blog, I will reflect on our first year of selling and shipping. April 1 will be reserved for a very special and very serious product announcement.
Let’s blow out some candles in 3,2,1…
Move fast and don’t break things
When noise is all around you, it becomes even more important to keep your ears close to the customer, acting on their feedback and anticipating their needs. Our team pulled out all the stops in 2023 as Descope evolved from a developer-first authentication service to a full-fledged CIAM platform for organizations of all sizes.
Passkeys for everyone
Soon after launching from stealth, we released capabilities that help any developer add passkeys to their app without changing their IdP. Descope has been a Day 0 passkeys shop, but we realize that different companies will move at different speeds when it comes to trying out and adopting passkeys.
Customers can now adopt biometrics whether they use Auth0, Amazon Cognito, Firebase, or any other identity provider, enabling them to pilot passkeys without spending endless sprints.
Playing well with others
We come from the world of workflow orchestration, and have always believed that user journey flows should leverage the capabilities of other tools within and outside the realm of identity. To this end, we launched a plug-and-play connectors ecosystem to help customers weave in data and actions from external products in their user journey flows.
We already have dozens of connectors that customers are using for:
Preventing fraud with risk-based MFA
Localizing signup and login screens
Ensuring unique and strong passwords
Verifying identities for sensitive actions
…and much more
Eliminating identity silos for enterprises
As we spoke with larger organizations, we quickly uncovered the complexity inherent in mature identity management implementations. A “customer” can be a paying customer, a free user, a partner, a supplier, or even an employee. An “app” can be their product, a partner portal, a support app, a learning management system, or a custom app their IT team created. Identity silos abound, leading to a lack of visibility into the real customer journey.
Descope’s Identity Federation Broker cuts through the identity fog of war facing enterprises. By combining interoperability across SAML and OIDC with the ability to run custom workflows at any time during the user journey, Descope’s dynamic federation helps organizations get a 360-degree view of their customer identities.
Customers use our many-to-many federation for use cases such as:
Merging user identities across SAML and OIDC apps.
Creating personalized user journeys based on which app the user came in from.
Building account recovery flows when a user’s identifier changes (e.g. when they replace a personal email with a work email).
Granular permissions
We strongly believe that authentication and authorization, while distinct, are inseparable. With Descope Fine-Grained Authorization, customers can easily define and implement granular authorization models (RBAC, ReBAC, ABAC) for their apps.
Our authorization SDKs and APIs achieve a balance between simplification and customization, letting developers interpret and enforce the access control per their app’s requirements while providing the tools that abstract away a lot of “under the hood” work.
The capabilities mentioned above are the top of the tip of the iceberg. Curious souls can go through our changelog for plenty of other updates on SDKs, Flow interfaces, A/B testing, tenant configurations, and much more.
Startups, scaleups, and beyond
No matter how many companies you build, you always feel trepidation and nervousness when bringing a product to market. Are you solving the right problems for the right customers? Are you empathizing with their specific pain? Did you dot enough i’s and cross enough t’s to create a product that works now and gets better later?
Thankfully, our customers answered these questions with a resounding “yes”. With 100s of organizations in production, 1000s of developers using the platform, and a wide variety of use cases, we made great strides in 2023 towards our commitment to “descoping” authentication and user management for customers.
Don’t just take our word for it – our G2 reviews paint the picture better than we ever could. My favorite recognition of 2023 was undoubtedly when we were named a “High Performer” in the G2 Winter Grid Reports in both the CIAM and Passwordless categories.
Startups
Our Hello World Startup Program cohort now consists of over 50 startups that use Descope to accelerate time to market without distracting their engineering teams. Finding an authentication solution that “just works” helps these lean teams focus on the things that matter most, as evidenced by the feedback below:
“In my 14 years of product management and overall 20 years of building out products, this is the FASTEST, I have ever got Auth and RBAC implemented in any product. Period.” – Alok Shukla, Co-Founder at FunnelStory
“I've used various auth providers both for production-grade apps and my side projects. Nothing comes close to Descope in terms of developer experience.” – Lead Engineer
Growth
A company’s auth challenges evolve as the company evolves. After achieving product-market fit, B2B organizations start worrying about implementing SSO, SCIM, and other capabilities expected by their enterprise customers, while B2C organizations start prioritizing bot protection and strong MFA. Our goal is to meet them every step of the way.
“Descope's approach to multi-tenancy and SSO has improved our product considerably -- managing role memberships in different tenants is easy. Swapping out our previous IDP integration with Descope was a breeze.” – Senior Engineer at Cybersecurity Company
“We realized that paradigms exist out there for solving the bot problem. But, to really understand them as a company and carve out a solution for each of them in-house would be a crazy expensive activity. Descope solves the bot problem in a much simpler manner.” – Sasidhar Sista, Co-Founder at GradRight
Midsize Enterprise
Solving identity problems for large organizations needs to match simplicity with scalability. Our platform’s flexibility has helped us solve both sweeping and specific challenges for midsize enterprise customers, whether it’s augmenting their existing authentication with phishing-resistant biometrics or unifying their customer identities across disparate apps and IdPs.
I’m highlighting some unique use cases below:
A Digital Adoption Platform with over 5000 enterprise customers uses Descope for authentication and fine-grained authorization, enabling their end users to share resources while maintaining robust access control.
An online retailer with over $600M in revenue trusts Descope with complete user management of their app for buyers, sellers, and partners.
A communications provider with over 17000 B2B clients relies on Descope to securely authenticate their customers.
We can’t wait to build on this customer momentum and discover new challenges to tackle in 2024.
Building and maintaining trust
Your signup screen is the first impression a user has with your app. Relying on a third-party service to handle authentication requires a lot of trust. We don’t take this trust lightly, working every day to uphold our customers’ security, privacy, and compliance requirements.
Security is serious business
On top of being FIDO certified out of the gate, we secured certifications for SOC 2 Type 2 and ISO 27001 and achieved compliance with HIPAA and GDPR in 2023. To further support customers in the European Union, we also launched multi-region data residency, enabling them to process and store their customers’ data in the EU.
2023 also reaffirmed to us that wrangling authentication protocols is complex stuff. In June, we disclosed the nOAuth misconfiguration that impacted MIcrosoft Azure AD OAuth applications and left the door open for attackers to perform account takeover. More recently, it was heartening to see companies like Truffle Security build on our disclosure to find other gaps in Google OAuth configurations.
Closely monitoring open identity protocols, sharing gaps, and enacting fixes is the most sustainable way for these protocols to remain open, interoperable, and effective.
We’d like to thank the academy
In addition to customer adoption, we were also thrilled to receive recognition from analysts and the industry at large. Being included in the Redpoint InfraRed 100 and Fortune Cyber 60 lists alongside other innovative, disruptive companies remains a source of pride. Being named a Developer Trailblazer was arguably even better as we were voted to the podium by our user community.
Moving to the analyst world, we were recognized in the GigaOm Radar for Multi-Factor Authentication in the Innovation quadrant. Being ranked “exceptional” on consumer deployment, enrollment & self-service, policy management & enforcement, end user & admin ease of use, and passkeys highlights how far we’ve come in a few short months.
Always persevere
While no company operates in a vacuum, what our employees accomplished in 2023 was done amidst the most turbulent and tough conditions imaginable.
The October 7 attack on Israel affected all of us mentally and many of us materially. Every second not spent delivering for our customers was spent in bunkers on reserve duty, enlisting in volunteering efforts, engaging in advocacy and emotional support, and covering for one another to ensure no customer request slipped through the cracks.
Our thoughts are with everyone at Descope and beyond who is grappling with the realities of the conflict while continuing to provide for their families, customers, and partners. 2023 certainly showed me that the Descope team can deliver despite anything and everything else going on.
Back to work
I’ll be honest, I slightly regret spending an afternoon writing this blog rather than meeting with customers or raising some pull requests. I’ll leave you with an enduring feeling of gratitude – thank you to our customers, investors, partners, and tigerish team of employees for making this a momentous first birthday for Descope.
I’m going to check if our coffee machine is still broken. See you soon!
