Frequently Asked Questions

Common questions about Authonomy's identity infrastructure platform

General Questions

What is Authonomy?

Authonomy is an identity infrastructure platform that fills critical gaps in B2B SaaS applications. We provide:

  • Universal IDP broker (support any customer IDP with one integration)
  • Complete identity visibility across your systems
  • Modern authentication for legacy systems

Who is Authonomy for?

Authonomy is designed for:

  • B2B SaaS platforms supporting multiple enterprise customers
  • Companies with legacy systems needing modern authentication
  • Organizations requiring comprehensive identity visibility
  • Development teams building identity-aware applications

How is Authonomy different from Auth0 or Okta?

| Feature | Authonomy | Auth0 | Okta |
| --- | --- | --- | --- |
| Multi-customer IDP broker | ✅ Core feature | ❌ Limited | ❌ Not designed for this |
| Customer self-service IDP config | ✅ Yes | ❌ Developer required | ❌ Complex setup |
| Legacy system integration | ✅ Zero-code modernization | ❌ Requires rewriting | ❌ Complex integration |
| Cross-system identity visibility | ✅ Complete dashboard | ❌ Limited | ✅ Good within Okta |
| B2B SaaS focus | ✅ Purpose-built | ⚠️ Can be configured | ⚠️ Enterprise-focused |

Implementation Questions

How long does integration take?

Initial integration: 5 minutes to get basic authentication working

Production deployment: Typically 1-2 days including:

  • Customer IDP configuration
  • Policy setup
  • Testing across environments

Full rollout: 1-2 weeks depending on:

  • Number of customer IDPs to migrate
  • Legacy system integration requirements
  • Custom policy needs

Do I need to change my existing authentication code?

For new integrations: No, you build against Authonomy from the start.

For existing applications:

  • Modern apps: Minimal changes - mostly replacing auth provider configuration
  • Legacy apps: Zero changes required - Authonomy protects them with middleware/proxy

What IDPs do you support?

Enterprise IDPs:

  • Okta (SAML 2.0, OIDC)
  • Azure Active Directory (OIDC, SAML 2.0)
  • Google Workspace (OIDC)
  • Microsoft ADFS (SAML 2.0)
  • Ping Identity, OneLogin, JumpCloud

Generic support:

  • Any SAML 2.0 compliant provider
  • Any OpenID Connect provider
  • Generic OAuth 2.0

Custom IDPs: We typically add new provider support within 2 weeks of request.

How do customers configure their IDP?

Self-service (recommended):

  1. Customer logs into Authonomy dashboard
  2. Selects their IDP type
  3. Follows guided setup with copy/paste configuration
  4. Tests connection

API-based: You can programmatically configure customer IDPs using our management API.

Assisted setup: Our support team can help with complex configurations.

Technical Questions

How does Delegated SSO work?

  1. Your app makes a standard authentication request to Authonomy
  2. Authonomy routes the request to the customer’s configured IDP
  3. Customer IDP authenticates the user
  4. Authonomy normalizes the response and returns standardized user data
  5. Your app receives consistent user data regardless of IDP

// Same code works for any customer IDP
const user = await authonomy.authenticate({
  customerId: 'any-customer',
  returnUrl: '/dashboard'
});
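
Step 4 above (normalizing the IDP response) is where a broker has to bind each response to the customer's own IDP and map protocol-specific claims into one shape. The following is an added illustration, not Authonomy's code or schema: the `normalizeIdentity` function, the customer registry, the normalized field names and the sample responses are all assumptions, and signature, audience and expiry validation are assumed to have happened already.

```javascript
// Added illustration; the normalized field names are assumptions, not Authonomy's schema.
// Assumes signature, audience and expiry checks already passed upstream.

// Constructed registry: each customer is pinned to exactly one IdP issuer.
const CUSTOMER_IDPS = new Map([
  ['acme', { protocol: 'oidc', issuer: 'https://idp.acme.example' }],
  ['globex', { protocol: 'saml', issuer: 'https://sts.globex.example/adfs' }],
]);

// Where each protocol carries the same facts (SAML names are the ADFS claim URIs;
// the SAML Subject NameID is assumed to be flattened into the claims object).
const CLAIM_MAP = {
  oidc: { id: 'sub', email: 'email', name: 'name', groups: 'groups' },
  saml: {
    id: 'NameID',
    email: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
    name: 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name',
    groups: 'http://schemas.xmlsoap.org/claims/Group',
  },
};

function normalizeIdentity(customerId, response) {
  const idp = CUSTOMER_IDPS.get(customerId);
  if (!idp) throw new Error('unknown customer');
  // Tenant binding: an assertion from any other issuer is rejected outright.
  if (response.issuer !== idp.issuer) throw new Error('issuer mismatch');
  const map = CLAIM_MAP[idp.protocol];
  const claims = response.claims;
  const subject = claims[map.id];
  const email = claims[map.email];
  if (typeof subject !== 'string' || subject === '') throw new Error('missing subject');
  if (typeof email !== 'string' || !email.includes('@')) throw new Error('missing email');
  // SAML sends one group as a string and several as an array; always return an array.
  const groups = claims[map.groups] === undefined ? [] : [].concat(claims[map.groups]);
  return {
    customerId,
    userId: `${customerId}:${subject}`, // namespaced so ids from two IdPs never collide
    email: email.toLowerCase(),
    name: typeof claims[map.name] === 'string' ? claims[map.name] : email.toLowerCase(),
    groups: groups.map(String).sort(),
  };
}

// Constructed sample responses, already reduced to issuer + claims.
const oidcSample = { issuer: 'https://idp.acme.example',
  claims: { sub: '00u1', email: 'Ana@Acme.example', name: 'Ana', groups: ['eng', 'admins'] } };
const samlSample = { issuer: 'https://sts.globex.example/adfs',
  claims: { NameID: '00u1', [CLAIM_MAP.saml.email]: 'bo@globex.example',
            [CLAIM_MAP.saml.groups]: 'finance' } };
```

Both samples carry the same subject id `00u1`; the customer prefix in `userId` keeps them distinct, and presenting one customer's response under another customer's id fails the issuer check.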

What about performance and latency?

Authentication flow: Adds ~50-100ms to standard flows

  • Optimized routing to customer IDPs
  • Global edge presence for minimal latency
  • Persistent connections to common IDPs

API calls: < 50ms response time for 99th percentile

Uptime: 99.9% SLA with automatic failover

Is customer data isolated?

Yes, completely:

  • Each customer’s data is cryptographically isolated
  • Separate configuration spaces
  • Independent policy enforcement
  • Isolated audit logs
  • Zero cross-customer data leakage

How do you handle GDPR and compliance?

Data processing:

  • Minimal data retention (configurable)
  • Data processing agreements available
  • EU data residency options
  • Right to deletion support

Audit compliance:

  • Complete audit trail for all identity events
  • SOC 2 Type II compliance
  • Automated compliance reporting
  • Integration with SIEM systems

Security Questions

How secure is Authonomy?

Infrastructure security:

  • SOC 2 Type II certified
  • End-to-end encryption
  • Zero-trust architecture
  • Regular security audits

Application security:

  • Multi-factor authentication required
  • Role-based access control
  • API key rotation
  • Webhook signature validation

What happens if Authonomy goes down?

High availability:

  • 99.9% uptime SLA
  • Multi-region deployment
  • Automatic failover
  • Real-time status monitoring

Degraded service modes:

  • Emergency bypass capabilities
  • Local authentication fallback
  • Cached user data availability

How do you handle secrets and API keys?

Secret management:

  • Customer secrets encrypted at rest
  • Automatic rotation capabilities
  • Hardware security modules (HSM)
  • Zero-knowledge architecture

API keys:

  • Scoped permissions
  • Automatic expiration
  • Usage monitoring
  • Revocation capabilities

Legacy System Questions

Can you really modernize legacy systems without changes?

Yes, using several approaches:

Proxy mode: Authonomy sits in front of legacy systems

# Nginx configuration example
location /legacy-erp {
    proxy_pass http://authonomy-proxy;
}

Sidecar mode: Deployed alongside applications

app.use('/legacy', authonomy.middleware.protect({
  legacyUserMapping: {
    'email': 'username',
    'groups': 'roles'
  }
}));

API Gateway: Protects API endpoints without changes

What types of legacy systems work with Authonomy?

Supported systems:

  • Web applications (any technology stack)
  • Internal APIs and microservices
  • Database applications with web interfaces
  • Custom applications with HTTP endpoints

Requirements:

  • HTTP/HTTPS access
  • Ability to add reverse proxy or middleware
  • Session-based or stateless authentication

Pricing Questions

How does pricing work?

Authonomy pricing is based on:

  • Monthly Active Users (MAU) - users who authenticate through the platform
  • Customer Count - number of customer organizations configured
  • Feature tiers - basic, professional, enterprise

Contact us for detailed pricing based on your specific needs.

Is there a free tier?

Early access program:

  • Free during beta period
  • Up to 1,000 MAU
  • 5 customer configurations
  • Basic support

Development sandbox:

  • Always free for development and testing
  • Full feature access
  • Unlimited test users

Getting Started Questions

How do I get access?

  1. Request early access with your use case details
  2. We’ll set up your account and provide API keys
  3. Follow the 5-minute quickstart
  4. Configure your first customer IDP

What support is available?

During early access:

  • Direct access to engineering team
  • Implementation assistance
  • Priority feature requests
  • Dedicated Slack channel

General support:

  • Comprehensive documentation
  • API reference and SDKs
  • Community forum (coming soon)
  • Email support

Can I test with my existing customers?

Yes:

  • Start with a willing customer in sandbox environment
  • Test their IDP configuration
  • Validate user experience
  • Gradual rollout to more customers

Migration strategy:

  • Parallel authentication during transition
  • Gradual cutover per customer
  • Rollback capabilities
  • Zero downtime migration

Still Have Questions?

Can’t find what you’re looking for?

We’re here to help you fill your identity infrastructure gaps!