Why you need a centralized identity system for a multi-app business
This article is here to help you develop a secure and scalable identity system for your multi-app business. We will cover best practices, key factors to consider, and provide quick-start guides to get you started on the right track.
Building an identity system is a complex task that demands a thorough evaluation of business models and requirements. As businesses grow and expand, building multiple apps becomes a natural step. Prioritizing identity infrastructure is critical to success in a multi-app business.
In this article, let's explore the best practices and details involved in building a reliable identity system for a multi-app business and dive deep into the factors which should be considered.
What is a multi-app business, and which types of products can benefit from this strategy?
Multi-platform
The simplest scenario is a business with the web, mobile, and native (iOS or Android) versions, where the identity system is unified. It is recommended to label each version as a separate app since they are distinct offerings to customers. This enables you to:
- Enhance growth and security by analyzing usage behaviors and audit logs for individual applications.
- Determine acquisition performance and traffic by channel.
- Prioritize development and distribution strategies per application.
Diverse product lines or a suite of services
Another scenario is when a company wants to maintain a uniform brand identity across all its products while allowing each product to have its distinct app to cater to different customer segments. Let’s take a real-world example.
Spotify is an excellent example of this approach. It offers various apps, including Spotify for Podcasters, Spotify Stations, and Spotify Connect, in addition to its primary app, all with a universal sign-in experience and one user identity system.
Similarly, a health and fitness company may create separate apps for yoga, running, and weightlifting, each with unique features and content, and user interfaces.
Multi-sided marketplace
Another typical scenario is a multi-sided business model, where a company creates value by facilitating interactions between two or more groups of customers.
For example, Uber and Airbnb facilitate interactions between riders and drivers or travelers and hosts, respectively. To enable this demand-supply exchange, companies may develop multiple products.
A unified user system for both sides of a marketplace can offer several advantages. Users can enjoy a seamless experience across various applications and avoid the inconvenience of setting up separate accounts. Furthermore, it accommodates scenarios where one segment moves to another.
Access controls and advanced authorization functionalities can further enhance this best practice.
Why is a centralized identity system important and what are the risks of not having one?
For a multi-app business strategy within a common problem space or domain, consider implementing a centralized identity system.
It can be beneficial in isolating and distributing identities when needed. On the other hand, merging and deleting unwanted user identities can be a cumbersome and frustrating task if multiple identities were created at the beginning, posing a high risk for any type of business:
- Multiple accounts: A lack of a unified user system can result in users having to create and manage multiple accounts for each app, causing a fragmented and frustrating user experience. For example, users may forget their login credentials, leading to lost accounts and a higher support burden for the business.
- Increased development complexity and cost: Developers may encounter challenges in constructing and upholding distinct user authentication and authorization systems for each application, resulting in augmented development complexity and cost. Improper implementation could also lead to disparities between apps, posing a considerable risk to end customers.
- User access management challenges: Lack of a centralized user system can create challenges in managing user access and permissions across multiple applications, requiring establishing different authorization policies in various identity systems and extra effort to identify the right users.
- Compliance and privacy concerns: To comply with regulations and address privacy concerns, businesses must properly manage user identities and data. An uncentralized identity system can create an extra layer of effort or obstacle to achieve tasks such as timely deletion of user data, leading to potential penalties and fines.
- Security vulnerabilities: Shared passwords and weak authentication mechanisms in an uncentralized identity system can create security vulnerabilities that impact multiple apps. It can reduce the amount of personal information users need to share with individual apps.
To enable a centralized identity system, do these
Choose an identity-and-architecture fit solution
There are many identity solutions available in the market, but some can be too complex or lack scalability and flexibility. When choosing an identity management system, it's important to consider its architecture and how it fits with your multi-app scenario.
Define access control
Defining access control is crucial in ensuring the security of the identity system. Access control specifies which users have permission to access particular resources, and at what level, across various applications. This definition enables the protection of sensitive data and establishes an adaptable authorization mechanism.
Design a cohesive sign-in experience
The sign-in flow should be universal, covering all products, and the authentication methods utilized should function seamlessly across all applications. It is crucial to prioritize the consistent branding and appearance across different apps, as failure to do so may erode customer trust.
Don't overlook scalability
Your identity system should be scalable to accommodate future growth. Consider the number of users and applications that may be added in the future, and choose a solution that can accommodate these changes.
Use Logto for multi-app business identity
Logto is ideal for multi-app businesses, supporting growth from startup to corporate. Our original architecture and complementary features empower businesses of all sizes.
Multi-app architecture
Users are able to create a single tenant which can host multiple apps, offering flexibility in managing users and tracking logs across the apps.
Universal sign-in experience
The sign-in experience applies to all apps within a tenant, eliminating the need to duplicate or transfer authentication and branding settings to individual apps.
Centralized user management
Logto offers a centralized user pool to manage all tenant users, along with an advanced search API for more targeted management based on specific needs.
Role-based access control
Logto provides a simple yet effective RBAC support, making it an excellent complement to multi-app scenarios and enhancing the security of complex businesses with multiple applications.