Drive to Cloud and SaaS-based Identity Management

Download PDF version

In 2016, after nearly two decades of successfully bringing on-premises software solutions to the education and government sectors, Softdocs began a modernization journey to provide Software-as-a-Service (SaaS) content management and automation solutions. Softdocs recognized that the increased focus on consistent delivery and performance required the cloud. With the drive to the cloud and an initiative to build a new cloud-native, no-code form builder tool, Softdocs recognized the need for a new identity management solution that would enable seamless user experiences as users moved between the existing Etrieve suite of products and the new form builder. Softdocs selected Frontegg as the partner to provide this service, aligning identity services with the goal of providing modern, secure, cloud-native SaaS software solutions.

Friction with an In-House Solution

The Softdocs’ engineering team faced many challenges related to identity management. Unlike a more traditional Identity Provider use case, in which one client integrates among many disparate systems with the same Identity Provider (IdP) as its base, Softdocs’ Etrieve product needs to support Single Sign-On (SSO) with many different Identity Providers and interoperability with multiple protocols, including SAML 2.0, OpenID Connect, and OAuth 2.0, across its client base. This business-to-business integration required robust handling of these protocols to fit the variety of implementations a client may have. In addition, clients may require support for other authentication methods and behaviors, such as using a social login and bypassing the Etrieve login page completely. Supporting these use cases required significant configuration because no two clients were alike.

Originally, Softdocs engineers solved these identity management needs in-house using an open source identity service framework. Protocol support and feature needs grew over the years to encompass a myriad of additional behaviors and quirks required by clients. By 2022, implementation of SSO for a client required one to two days of customer time by Softdocs’ Professional Services team to set up and troubleshoot authentication through complex configuration. Post implementation, Softdocs’ Support team had to handle modification to the integration. Clients lacked the self-service capability they desired due to the complexity of the configuration.

With the decision to build a cloud-native form builder, engineering had to decide whether to integrate the existing identity service with it to align with the existing Etrieve implementation or explore another solution. The use of the existing identity service was not ideal from a technical, service, or strategic standpoint.

  • From the technical perspective, the framework was out of compliance after the deprecation of an older version, and the implementation within Etrieve had grown so complex that it required Softdocs to maintain a Security Architect with specialized knowledge to maintain and improve it. Integrating a noncompliant framework into the new product was not an option, and neither was having two separate logins – the experience had to be seamless for users.
  • From the service perspective, the maintenance of client SSO implementations became a time sink, a burden that always required some of the team’s bandwidth. Specialized knowledge around protocols and troubleshooting often required engineers to assist.
  • Strategically, while identity management is critical for a secure product, Softdocs is not in the identity business as part of its core value proposition.

These concerns were primary drivers toward the decision to offload identity management to a partner who could guarantee a cloud-native, secure SaaS solution that met clients’ business challenges, supported a simpler implementation process, and could easily be integrated into both the new form builder and existing Etrieve product suite.

Selecting a Partner for Identity Management

Once the decision was made to go with a vendor for identity management, the selection process began. One vendor immediately stood out as a behemoth in the industry, and their SaaS authentication platform appeared to fit the needs on paper. It was clear from the start that this vendor viewed the relationship as transactional and was not invested in being a long-term partner.

“[The vendor] did not offer the flexibility and features we needed in the SaaS platform that aligned with our vision. There was misleading communication and additional cost that made it difficult for us to confirm the viability of the solution fit. They were unwilling to partner with us to ensure the success of Softdocs. We were forced to look elsewhere.” – Andrea Link, SVP of Engineering and Cloud

After only a few conversations, it was clear the Frontegg team represented a completely different relationship. Not only was the Frontegg solution aligned with Softdocs’ vision of cloud-native SaaS, the team offered ample support and documentation through the entire proof of concept. Engineering was pleased to see how easily Frontegg’s product slotted within the new form builder.

The relationship was tested when engineering began replacing the identity service in Etrieve with Frontegg. There were ten years of technical complication to unwind, but the mission was clear: seamless integration among the entire Etrieve suite. Frontegg partnered valiantly with Softdocs during this project. Frontegg’s engineering team was on frequent calls with Softdocs engineers during late nights and holidays, committing to developing critical functionality to aid in the implementation of Softdocs’ use cases. The Frontegg team was essential to Softdocs’ engineering success.

Next Steps in the Identity Provider Relationship

After six months of integration and fine tuning, the Softdocs-Frontegg partnership is nearing the first big client test. In only a few weeks, the new identity management solution will be available for all cloud clients.

As part of the adoption of the Frontegg service, Softdocs clients will gain authentication features and capabilities that were not part of the original roadmap, including MFA for local accounts, custom login boxes, and the ability for users to set their own passwords. The engineers at Softdocs will no longer have to worry about maintaining and updating complex configuration files for SSO and claims mapping, and the security team sleeps well at night knowing that Frontegg keeps the company in compliance with NIST. Once clients begin to adopt, time savings for the Professional Services and Support teams will also be realized.

Through it all, the partnership that has formed gives Softdocs confidence that Frontegg’s support team will be there every step of the migration process.

“We are particularly excited about the self-service SSO connection now available to our customers through Frontegg. Previously, onboarding a new client and setting up their SSO connection required handling multiple configuration files and extensive client interaction. Now, with Frontegg’s step-by-step instructions for some of our clients’ most commonly used IdPs, clients can complete the process with minimal intervention from us.” – Mallory Joynt, Product Owner

This partnership not only aligns with the original project goal of selecting a SaaS service provider to take the onus of managing identities, but it also sets a standard for all other vendors as far as the level of support, communication, and mutual benefit that comes when organizations invest in each other’s success.

About Softdocs

Softdocs develops enterprise content management, e-forms and process automation solutions for the public sector: higher education, K-12, and state and local government markets.

The company’s Etrieve platform redefines business processes, reducing the need for paper and improving student, administration, and constituent services and employee productivity by providing complete control over how content is captured, processed, and distributed.

A privately held company founded in 1998, Softdocs is headquartered in Columbia, South Carolina.