AuthCon

Building the Customer Identity commuity together

As an early Kubernetes pioneer and evangelist, I’ve been privileged to meet tens of thousands of people through the cloud native community. I’ll share memorable moments that inspired me, insider information on how to navigate the many projects…

Navigating the Hidden Complexities of Identity

Having built and maintained homegrown authentication across organizations with varied approaches—from acquisition-driven growth to GitLab's engineering-focused culture— I’ve learned the complexities of identity systems the hard way.

2FA for Millions: Implementation Lessons from GitHub’s 2FA Mandate

Implementing mandatory two-factor authentication (2FA) for millions of users presented a unique set of social and technical challenges, balancing supportability, usability, and security.

The New Gatekeepers: How Browsers Are Reshaping Your Customer's Login Experience  

Once upon a time, browsers were just windows to the Internet: neutral, passive, and happy to let authentication happen elsewhere. That era is over. Today, browsers are making decisions about…

OAuth 2.0 and Decentralized Identity: leveraging the best of both standards

OAuth 2.0 (centralized authentication, authorization) and decentralized identity (DID) both have unique strengths that benefit users. How can we leverage the best of each through OIDC integration?

CIAM in the wild: what we learned while scaling from 1.5 to 3 million users

Migrating identity and access management for millions of global users is no small feat—especially when it's blocking a larger re-platforming initiative to support rapid growth and GDPR compliance.

Rant from the Other Side

So, you’re building a SaaS product, and now your customers expect seamless, secure authentication. Sounds simple, right? Until one customer demands OAuth, another insists on SAML, and that big enterprise deal? Oh, they need LDAP over a VPN from 2003.

CIAM & Friends: Identity Buzzwords that actually matter

While CIAM is central to identity strategies, many tools enhance security and coverage. This session explores key solutions that integrate with CIAM for a holistic approach, including:
Workforce IAM – securing employee access, PAM – protecting admin accounts
and much more.

AI based creation and validation of your JSON schema

Creating your JSON schema correctly (including JWT schema validation and opaque tokens) and validating it is crucial for preventing errors and security risks. With modern, AI based, approach and tools you can now do it automatically and error free - let me show you how!

Less Oopsie with IPSIE

Integrating a B2B SaaS app with the enterprise IAM has been a game of "choose your own adventure" where what is required to be "secure" has been ill defined. The OIDF IPSIE working group was created to standardize best practices for both apps and providers.

The Unspoken Tradeoffs of Fine-Grained Authorization

Moving beyond a world where roles define coarse-grained user permissions, modern applications now rely on multiple factors and methods to determine fine-grained permissions.

OAuth 2…Is It Really The Standard? Exploring Real-World Implementation

OAuth 2 is a protocol celebrated for its intended standardization, yet it’s plagued by inconsistent implementations across various systems. Drawing on unique insights from a platform that streamlines authentication and…

Patterns of failure in modern auth

Authentication and authorization systems have grown from the days of /etc/passwd into a maze of distributed systems across cloud providers and edge locations. This increasing complexity and scale has opened the door to entirely new classes of security incidents.