How EnjoyHQ implemented enterprise-level SSO in less than 4 hours
EnjoyHQ is a UX research repository for product and design teams: centralize all your research data, improve collaboration, standardize your research process and share insights easily. Their platform is used by Adobe, GrubHub, Contentful, and others to scale and track information for their research operations teams.
The Problem
EnjoyHQ supports small users all the way up to large enterprises: Single Sign-On (SSO) was a requirement from the start. The company’s larger customers routed authentication through identity providers like Okta and Microsoft Azure AD - and if EnjoyHQ didn’t support logging in via those providers, these deals were dead on arrival. The problem is that SSO isn’t exactly easy to build: Okta might be standard enough, but 5 weeks into the “1 week project” you’re deep in custom SAML flows and wondering where it all went wrong.
EnjoyHQ was in discussions for signing annual contracts with 10 large customers, including Fortune 500 companies and name brand financial institutions, but all decided to put the deals on hold due to lack of SSO. Existing customers, who signed under the premise of eventual SSO integration, were asking every 2 weeks about the status of SSO integration with IdPs like Okta and Azure AD. Some customers even had to walk away from using EnjoyHQ due to their internal security teams being unable to give a pass on their vendor security reviews without SSO.
Everybody's very cautious when it comes to security. They want to have the best security posture possible. So, they want to limit access to tools and be able to revoke the access easily. SSO is one of those things that is becoming almost mandatory now if you're in the B2B space.
— Łukasz Korecki, Founder & CTO
The engineers at EnjoyHQ had already integrated SSO with Google, but integrating additional IdPs was going to take a prohibitive number of engineering hours. Between setup, setting up test instances, understanding the data model, and analyzing edge cases, they estimated setting up additional IdPs would take a couple months, at minimum.
"It was very clear that we were not looking into one [IdP], we were looking at least into three or four. And at that point, it became very clear that we can either do this the slow way - keep implementing one by one - or we can just find an external solution," explained Korecki.
The Solution
Originally, the EnjoyHQ team looked into using Amazon Cognito, Auth0, and Okta. Their research into their options was thwarted upon the realization that the tools were “just not built” for what they were looking for or were not the right fit for the use case they were looking to solve.
"It seemed like it's going to take a lot of effort to integrate with either [Okta or Auth0] and on top of that, we will have to effectively duplicate our user database into their services and tightly integrate with them, which doesn't sit very well with some of our enterprise customers," said Korecki.
EnjoyHQ started using the WorkOS SDK to quickly add SSO to their app and avoid the overhead of supporting multiple IdPs manually. WorkOS offers SSO integration for over half a dozen different IdPs, all through one API endpoint.
WorkOS is very lightweight in terms of how we can integrate it with our existing product and provide additional SSO options while keeping all the other controls and our permission levels within our application intact.
— Łukasz Korecki, Founder & CTO
With WorkOS, the EnjoyHQ team didn’t just save time building SSO - they were also able to avoid the maintenance that comes hand in hand with custom integrations. Compared to the alternatives which required large amounts of customization and monitoring, WorkOS solved their problems with simple elegance.
"The simplicity of the solution was very, very compelling... For something as complicated as Single Sign-On across multiple sources, some of other alternative solutions require you to get a PhD in understanding their platforms," explained Korecki.
The Results
Integrating WorkOS into EnjoyHQ was easy - within 4 hours, the EnjoyHQ team had SSO fully integrated and functional on their system. With integrations completely finished, they were able to announce the launch of SSO to their customers.
Our customers got incredibly excited. Okta is one of our customers, so they were waiting for an Okta integration themselves. They were the one of the first ones to actually try it out and [it] just worked on the first go. There were no issues, and we were able to have them sign in through Okta integration within an hour. That was incredible.
— Łukasz Korecki, Founder & CTO
In addition, thanks to integrating WorkOS, the EnjoyHQ team was able to go back to their 10 customers and secure large, long term contracts with these teams. Now, EnjoyHQ is rolling out WorkOS-based SSO to all of their customers - over 70% of their clients are now utilizing WorkOS and the number is growing every day.
"It was great to see someone as customer obsessed like us. It’s just a great team of people to work with - not only responsible, but also super kind and very receptive to the feedback.... Within a week, you go from zero to having over five enterprise-grade SSO integrations. Within a week, you are ready - you can deploy them and your customers can use them without any problems." said Korecki.
Add SSO,
the easy way.
WorkOS provides a single, elegant interface abstracting dozens of enterprise integrations.