
Taking Control of Identity and Access: Our Story of Building a Self-Hosted IAM Service

November 18, 2024

2 Min Read

In today’s digital landscape, Identity and Access Management (IAM) is crucial for ensuring the right individuals have appropriate access to technology resources. As organizations increasingly rely on cloud services and remote work, the need for robust, secure, and flexible IAM solutions has become more pressing than ever. In this blog series, we will explore how we developed our own in-house IAM service, tailored to meet our specific requirements. This first part will delve into our IAM service’s key features, the challenges we faced during development, and the architectural principles that guided our design choices.

Requirements

Our foundational requirement was an IAM service that is product-agnostic and self-hostable.
This approach lets us:

  • Govern our tenant data ourselves.
  • Extend the service according to product team requirements and keep pace with current industry best practices for authentication and authorization.

Our Pillars for Development

Pillars of Development for IAM Service

Self-Hosting Requirements

A key challenge was the need for our IAM service to be self-hosted, either on-premises or in our own cloud environment. This requirement stemmed from our commitment to data sovereignty and the need to keep sensitive identity data, which includes credentials and tenant user records, within infrastructure we control. Consequently, we had to ensure our architecture could deliver robust performance and security in a self-hosted setting, without relying on a managed identity provider.

Multi-Tenancy Support

Given our organization’s diverse needs, we aimed to support multi-tenancy in our IAM service. This lets multiple clients or departments share one service instance while each tenant’s data stays isolated: every request is scoped to the caller’s tenant, so that users of one tenant can never read or modify another tenant’s data, even when they hold privileged roles within their own. Following established industry practices for multi-tenant isolation was essential to give all tenants a consistent and safe experience.

Domain-Driven Design Principles

To maintain a clear separation of concerns and avoid entanglement with product logic, we embraced domain-driven design (DDD) principles. This approach enabled us to create a clear, well-defined domain model, enhancing the system’s maintainability and scalability. By focusing on core business logic, we ensured our IAM service could evolve independently of other products.

Future Extensibility

We designed our IAM service with future extensibility in mind, aiming to support sophisticated authorization methods like Attribute-Based Access Control (ABAC). This foresight led us to create a flexible system capable of incorporating new features without major rework.
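The two design points above, tenant isolation and attribute-based authorization, can be demonstrated together in a single deny-by-default decision function. The following is an added illustration written for this article, not code from the IAM service described here; the subject, resource, policy and context structures, the policy names, and the sample users and documents are all hypothetical. Tenant isolation is enforced as a fixed check that no registered policy can override, and ABAC policies are plain predicates over subject, resource, action and request-context attributes that product teams could register without changing the service itself.

```python
"""Added example: deny-by-default authorization with mandatory tenant
isolation followed by attribute-based (ABAC) policy evaluation.
All names and sample data are hypothetical, constructed for this article."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List


@dataclass(frozen=True)
class Subject:
    id: str
    tenant_id: str                      # tenant the caller belongs to
    attributes: Dict[str, Any] = field(default_factory=dict)


@dataclass(frozen=True)
class Resource:
    id: str
    tenant_id: str                      # tenant that owns the resource
    attributes: Dict[str, Any] = field(default_factory=dict)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# A policy condition sees the subject, the resource, the action and the
# request context (e.g. whether MFA was completed) and returns True to allow.
Condition = Callable[[Subject, Resource, str, Dict[str, Any]], bool]


@dataclass(frozen=True)
class Policy:
    name: str
    actions: frozenset                  # actions this policy can grant
    condition: Condition


class AuthorizationService:
    """Deny by default: the tenant check runs first and cannot be bypassed;
    afterwards the first matching ABAC policy grants access."""

    def __init__(self, policies: List[Policy]):
        self._policies: List[Policy] = list(policies)

    def add_policy(self, policy: Policy) -> None:
        # Extensibility: product teams register new policies at runtime.
        self._policies.append(policy)

    def decide(self, subject: Subject, action: str, resource: Resource,
               context: Dict[str, Any] = None) -> Decision:
        context = context or {}
        # Tenant isolation is a hard boundary, not a policy: a subject can
        # never reach a resource in another tenant, whatever role it holds.
        if subject.tenant_id != resource.tenant_id:
            return Decision(False, "cross-tenant access denied")
        for policy in self._policies:
            if action in policy.actions and policy.condition(subject, resource, action, context):
                return Decision(True, f"allowed by policy '{policy.name}'")
        return Decision(False, "no policy permits this action")


def build_demo_service() -> AuthorizationService:
    """Hypothetical policy set: owners get full access, department members
    may read 'internal' documents, admins may delete only after MFA."""
    return AuthorizationService([
        Policy("owner-full-access", frozenset({"read", "write", "delete"}),
               lambda s, r, a, c: r.attributes.get("owner") == s.id),
        Policy("department-read-internal", frozenset({"read"}),
               lambda s, r, a, c: (r.attributes.get("classification") == "internal"
                                   and s.attributes.get("department") == r.attributes.get("department"))),
        Policy("admin-delete-with-mfa", frozenset({"delete"}),
               lambda s, r, a, c: s.attributes.get("role") == "admin" and c.get("mfa") is True),
    ])


def run_demo() -> Dict[str, bool]:
    """Evaluate a few constructed requests and return the allow/deny outcomes."""
    svc = build_demo_service()
    doc = Resource("doc-1", "tenant-a",
                   {"owner": "alice", "department": "finance", "classification": "internal"})
    alice = Subject("alice", "tenant-a", {"department": "finance", "role": "user"})
    bob = Subject("bob", "tenant-a", {"department": "finance", "role": "user"})
    dave = Subject("dave", "tenant-a", {"department": "it", "role": "admin"})
    carol = Subject("carol", "tenant-b", {"department": "finance", "role": "admin"})
    return {
        "alice_writes_own_doc": svc.decide(alice, "write", doc).allowed,
        "bob_reads_department_doc": svc.decide(bob, "read", doc).allowed,
        "bob_writes_department_doc": svc.decide(bob, "write", doc).allowed,
        "dave_deletes_without_mfa": svc.decide(dave, "delete", doc).allowed,
        "dave_deletes_with_mfa": svc.decide(dave, "delete", doc, {"mfa": True}).allowed,
        # An admin from another tenant is refused before any policy is consulted.
        "carol_cross_tenant_delete": svc.decide(carol, "delete", doc, {"mfa": True}).allowed,
    }


if __name__ == "__main__":
    for name, allowed in run_demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

The ordering matters: if tenant membership were just another policy, a later policy (such as the admin rule) could accidentally grant cross-tenant access, so the isolation check is kept outside the policy list and evaluated first. New authorization requirements are added as policies without touching the decision loop, which is the extensibility the section above describes.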

In the next part of this series, we will dive deeper into the technologies we used to build our IAM service, the goals we aimed to achieve, and the outcomes of our development efforts. Stay tuned for more insights into our journey!
