Reco is a dynamic, AI native SaaS security solution that protects business SaaS environments. As they scaled to serve more enterprise customers, the complexity of authentication configuration threatened to slow onboarding to a crawl. Working closely with Descope, Reco leveraged the platform’s low / no-code flows and self-service single sign-on (SSO) to ensure dev and support teams could focus on their core offering: delivering enterprise-grade SaaS security.
About Reco
Reco is a dynamic SaaS security platform that protects over 225 enterprise SaaS environments like Okta, Microsoft 365, and Workday. The platform operates through a multi-tenant architecture where each tenant has distinct security needs and access control requirements.
Gal Nakash, Co-Founder and CPO at Reco, said:
“As a dynamic SaaS security solution, one of the major challenges we face is account and identity management, especially local accounts and guests. As we scaled, it was critical to avoid letting these challenges become bottlenecks in customer onboarding.”
Reco’s infrastructure is organized into clusters of tenants grouped by geographical or operational boundaries. This requires sophisticated management functions to maintain security and compliance across varied customer environments. Each tenant could bring their own identity providers (IdPs), which would traditionally require manual configuration with hands-on assistance from Reco’s engineering team.
Authentication complexity and enterprise requirements
Reco’s focus on the enterprise market meant resilient security and excellent SSO capabilities were table stakes. The platform also needed role-based access control (RBAC) and per-tenant management for each enterprise client. The risk of misconfiguration presented a clear obstacle to meeting these upmarket demands: the potential for users or admins without multi-factor authentication (MFA), over-privileged users, and inconsistent session management policies.
Gal Nakash said:
“Customers requested SSO, social login, and one-time passwords. Meanwhile, we needed RBAC and tenant management. One of the main challenges we prepared for was the configuration behind that. We were wary of misconfigurations around accounts, session times, and MFA.”
Every configuration change could require engineering resources, creating bottlenecks that might delay customer onboarding. Without self-service options, the team would need to manually configure managed tokens, access controls, and permissions for each tenant, rather than focusing on their core platform.
The Descope experience
Reco chose Descope because the solution provided their teams to manage enterprise-grade authentication without direct developer intervention.
Gal Nakash said:
“Descope empowers the product and support teams to serve customers better and control tenants without dev involvement. With Descope, we no longer need to manually manage each tenant’s tokens, profiles, or permissions.”
Many Descope capabilities helped Reco make their decision, including the following:
Low / no-code flow builder: Descope Flows let product managers and support teams configure authentication logic visually, eliminating dev cycles that were better spent refining their core product.
Multiple authentication methods: SSO integration (with customer self-service config), social login with Google and Microsoft, and one-time password (OTP)-based authentication.
Simplified onboarding and configuration: Customers could now self-configure their SSO connections and control granular settings at the tenant level rather than relying on Reco support for every change.
Reactive and effective support: Descope and Reco fostered a close partnership in which feedback was swiftly addressed, and new capabilities were carefully considered and implemented.
SDK and API integration: Programmatic tenant management through Descope’s SDK gave Reco the tools to provision and configure automatically, essential capabilities for their clustered architecture.
Descope’s value became abundantly clear during an urgent customer onboarding. An enterprise client needed access quickly, but their identity provider had disabled Microsoft login without the IdP’s approval. This scenario is typically an impenetrable barrier requiring lengthy calls and troubleshooting to resolve.
In the middle of the night, Reco’s Chief Product Officer logged in to Descope and used Flows to add OTP support in 30 minutes with zero code changes.
Gal Nakash said:
“At the time, we only supported Microsoft, Google, and Okta. Their IdP disabled Microsoft login without approval. We logged into Descope at 1:00 AM, added one-time password support with zero code changes, and the customer could log in within thirty minutes.”
Powering SaaS security with enterprise-grade authentication
Descope provided an enterprise-ready foundation for Reco’s authentication framework, offering a number of benefits:
Team independence: Product and support teams can now manage authentication, from building flows to resolving customer issues, without consuming developer resources.
Eliminated manual work: Where previously teams would be required to directly manage tokens, profiles, and permissions, tenant admins could handle these details on their own.
Time savings: Authentication changes and additions that would typically take weeks could now be completed in hours or even minutes.
Reduced misconfigurations: Descope’s ability to abstract complex security infrastructure into streamlined interfaces lowered the risk of accidental misconfigs, even without advanced security knowledge.
Scalable multi-tenancy: Reco could now manage complex, tenant-specific auth parameters across their many growing enterprise customers, all with minimal coding and dev intervention.
Support access flexibility: “Break-glass” account capabilities enabled Reco’s support team to directly assist customers even when SSO is enforced, maintaining service quality without compromising security needs.
The ability to respond to customer needs in the moment, without code changes or hands-on involvement from developers, became a competitive advantage for Reco. The SaaS security solution could move at the pace of enterprise, showing upmarket customers that they were able to meet their high standards for responsiveness and security rigor.
Gal Nakash said:
“We recommend Descope because every enterprise-facing business has these requirements—to support any login option, for speedy SSO setup—and it’s all so much easier with Descope. You can set the right configuration without deep security experience.”
Descope is a flexible drag & drop CIAM platform that helps organizations easily add authentication, authorization, and identity management to their apps, AI agents, and MCP servers. Customers use us for initiatives such as passwordless authentication, SSO, identity federation, strong MFA, fraud prevention, and agentic identity.
To get started with Descope, sign up for a Free Forever account. If you have questions about our platform, book time with our auth experts.
