Case Study

Hint Health Saves Engineering Resources and Improves User Security Leveraging Frontegg’s Identity Platform

Summary

An acquisition left Hint Health, the leading digital health company dedicated to supporting the growth and success of the Direct Primary Care (DPC) movement, with two different identity management technology stacks. After deciding it did not want to spend precious engineering resources on building and maintaining identity management, the company chose Frontegg to streamline and better secure identity management onto a single technology platform.

Hint picked Frontegg because it offered out-of-the-box support for multi-tenancy and rich self-service capabilities appropriate for everything from small healthcare organizations to large multi-site institutions with thousands of employees. In addition, Hint loved that Frontegg focused on reducing complexity and providing DIY capabilities to end-users, including SSO configuration, security policies defined at the tenant and user level, and customizable branding, colors, logos, and URLs for portal and log-in pages.

Hint felt that these DIY features would provide direct value to end-users and make their lives easier. After offloading identity management requirements to Frontegg, Hint was able to both focus more engineers on developing value-added features for its core product and to offer a wider array of identity management features than it had in the past.

Background

Hint Health is the leading digital health company dedicated to supporting the growth and success of the Direct Primary Care (DPC) movement. With a mission to power direct care and make it the new standard, Hint’s technology powers thousands of clinics and networks across the nation providing care for more than a million members.

Hint’s customers range from smaller physician DPC practices to large, multi-site, multi-tenant healthcare institutions with thousands of users. The company’s SaaS solutions include its EHR-integrated membership management & billing software, its Direct Primary Care focused EMR solutions, and its curated national network of independent DPC clinics – all of which are critical aspects of changing the landscape for healthcare delivery and management in America.

The Challenge: Deliver Broad Multi-Tenancy and DIY Capabilities to a Diverse Customer Base

Hint Health initially built its own in-house identity management and authorization solution but was looking to expand its capabilities in this area as its customers required more robust multi-tenancy capabilities. Additionally, the identity requirements of healthcare companies can look quite different between practices.

As a result, Hint doesn’t just need to engineer their own identity solution but also to engineer an identity system to meet the needs of every type of independent practice that uses its tool. And it has growth implications. If they don’t have a feature set that supports a particular type of healthcare practice, then they can’t do business with that customer without additional engineering investment.

Hint acquired a company that was using Amazon Web Services Cognito for identity management. Hint’s product and engineering teams realized that unifying the two systems would create a lot of complexities; one relied on JSON Web Tokens, and the other did not.

Continuing to build the solution in-house would have meant initially confining identity management to basic email password authentication; this might have caused its larger potential customers to look elsewhere. Regardless, Hint knew it would need to allocate significant resources and time to stay abreast with emerging identity technologies and security protocols. Yet, authentication was not Hint Health’s core competency. This scenario posed a recurring dilemma: Should the team devote their time and resources to authentication or focus on their main product offerings, such as clinical billing and eligibility management?

Standing at this key decision point, the Hint team decided to step back and evaluate a wide variety of identity management solutions. During the evaluation process, Hint‘s product team took time to think deeply about future needs. They identified a wide range of needs and capabilities that could improve customer experience, better support a wider range of customers, and empower customers to focus on the healthcare they’re providing.

First among them was improved multi-tenancy capabilities. “We have a massive amount of business logic around multi-tenancy,” notes Greg Hilkert, a senior product manager at Hint. Smaller customers only needed basic identity management capabilities like email and password resets, while larger organizations demanded more complex capabilities, such as full-featured enterprise SAML and SSO. And some larger customers might have different needs for different business units or sub-organizations. To continue growing and increase its potential customer base, Hint needed to better support a full spectrum of multi-tenancy requirements.

Hint further realized that it wanted to offer customers a better user experience with more DIY options for end-users. Enabling admins and users to set up their own security policies, such as defining session timeouts or setting login criteria, would reduce friction and improve security. Because Hint’s customers include both technical and non-technical users, an easy way to customize the look, feel, logo, and even URL of their signup page and admin portals would remove complexity and allow customers to better meet the unique needs of their patients.

An additional need Hint identified during the evaluation process was giving customers the ability to easily download and ingest user activity logs for auditing and security purposes, which helps ensure their customers stay compliant.

Hint knew they needed a solution that allowed them to smoothly transition overall legacy capabilities, including IP and domain restriction for security policies, and to seamlessly migrate customers and their users without disruption. Lastly, Hint needed a solution to check basic security and risk boxes, including security and compliance certifications and uptime SLAs.

The Solution: Flexible, Scalable, and Feature-Rich CIAM and User Management with Robust Multi-Tenant Capabilities

Hint evaluated numerous identity management and user management products, comparing features and capabilities and test-driving multiple solutions. They elected to try a Frontegg proof-of-concept instance and were pleased with the results. Hilkert liked Frontegg’s strong focus on multi-tenancy and enabling granular provisioning at the tenant level of a wide array of features, capabilities, and policies.

Frontegg also checked all the necessary security and compliance boxes, including HIPAA and SOC2 compliance and strong uptime guarantees. Hilkert was also confident that, at a minimum, Frontegg could deliver all the capabilities present in Hint’s legacy system, and he loved the possibility of many additional capabilities for more complicated multi-tenant use cases, such as SSO integration.

Hint decided to integrate Frontegg as its identity management solution and began to roll it out to customers in early April 2023. After a smooth migration in coordination with the Frontegg engineering team, Hint gained numerous benefits, including:

Replicating all the capabilities in the previous platform, including tenant-level session logout, password complexity requirements, and domain/IP restrictions
Providing flexible, scalable multi-tenancy that meets the business logic needs of smaller organizations, with straightforward requirements, and larger enterprises. with enterprise-grade needs such as SSO, SAML, federated login, support for multiple authentication methods, passkeys, and more advanced security features
DIY management of security policies at the admin and user level without requiring complicated configuration scripts or engineering support
Integration with multiple SSOs, including Google, Microsoft, and OAuth, enabling user choice at the SSO level
Simplified log file management to reduce infrastructure complexity and provide customers with more flexibility in log handling

“With Frontegg, we don’t need to think about committing engineering resources to build new auth and identity features. Frontegg has everything we need now and for the future, and their roadmap and feature development is impressive.”

Frontegg simplified the architecture and engineering requirements for Hint’s engineering team, offloading IAM and security requirements, and freeing up core engineering resources to build additional platform features. With access to a broad array of Frontegg capabilities, the Hint team planned a rich roadmap of new CIAM features on an accelerated timeline; this should prove especially important to Hint’s growing ranks of enterprise healthcare customers with more sophisticated multi-tenant demands and security requirements.

Hint’s product team deployed a phased rollout of Frontegg starting in the Spring of 2023, with additional features and users coming online later in 2023 and 2024. Frontegg’s customer success team has provided ongoing support and assistance, enabling Hint to meet ship dates and enjoy a smooth, secure platform transition.

Frontegg Delivered:

Rich multi-tenancy capabilities such as SAML, SSO, and tenant-level customization of URLs, workflows, and security policies
Self-service and personalized management of MFA, SSO, session timeouts, and other key security and user experience aspects with visual dashboards
DIY customization of the look and feel of the Frontegg portal with colors, logos, flexible layouts, and even custom URLs
Easy incremental provisioning of existing users on a rolling basis
Simplified migration with comprehensive engineering support
Future-proofing of the application with features such as passkeys and additional capabilities
Tenant and customer-level log export for security and compliance

“One of the significant wins of implementing Frontegg was decreasing login friction. In the first month of using Frontegg, 30% of our users were able to stop using traditional username/passwords logins in favor of Google Sign ins. This greatly reduced the friction necessary to access our product. Frontegg also helped us prepare for the future with enterprise SSO. We’ve had several large clients where SSO has been a requirement, without Frontegg we’d be stuck building that ourselves.“

Cookie	Duration	Description
_vis_opt_s	3 months 8 days	Visual Website Optimizer sets this cookie to detect if there are new to or returning to a particular test.
_vis_opt_test_cookie	session	Visual Website Optimizer creates this cookie to determine whether or not cookies are enabled on the user's browser.
li_gc	6 months	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
messagesUtk	6 months	HubSpot sets this cookie to recognize visitors who chat via the chatflows tool.

Cookie	Duration	Description
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_hjSession_*	1 hour	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hjSessionUser_*	1 year	Hotjar sets this cookie to ensure data from subsequent visits to the same site is attributed to the same user ID, which persists in the Hotjar User ID, which is unique to that site.
_hp2_ses_props.*	1 hour	Heap sets this cookie to store the timestamp and cookie domain or path.
_omappvp	1 year 1 month 4 days	The _omappvp cookie is set to distinguish new and returning users and is used in conjunction with _omappvs cookie.
_omappvs	20 minutes	The _omappvs cookie, used in conjunction with the _omappvp cookies, is used to determine if the visitor has visited the website before, or if it is a new visitor.
_vwo_uuid_v2	1 year	This cookie is set by Visual Website Optimiser and calculates unique traffic on a website.
cb_anonymous_id	1 year	Clearbit sets this cookie to track page views and traits for Clearbit.
cb_group_id	1 year	Clearbit sets this cookie to track page views and traits for Clearbit.

Cookie	Duration	Description
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
cb_user_id	1 year	Clearbit sets this cookie to collect data on visitors. This information is used to assign visitors into segments, making website advertising more relevant.

Cookie	Duration	Description
__Host-session	14 days	No description available.
__tld__	session	Description is currently not available.
_cfuvid	session	Description is currently not available.
_crowdcontrol_session_key	session	Description is currently not available.
_g2_session_id	session	Description is currently not available.
_hp2_hld346349427843107.1065080579	5 minutes	Description is currently not available.
_hp2_hld6722177740337317.1065080579	5 minutes	Description is currently not available.
_hp2_hld8090462093010520.1065080579	5 minutes	Description is currently not available.
cbtest	1 year	Description is currently not available.
debug	never	No description available.
events_distinct_id	session	Description is currently not available.
h1_device_id	1 year	Description is currently not available.
pfjscookies	1 year	Description is currently not available.

Hint Health Saves Engineering Resources and Improves User Security Leveraging Frontegg’s Identity Platform

Summary

Background

The Challenge: Deliver Broad Multi-Tenancy and DIY Capabilities to a Diverse Customer Base

The Solution: Flexible, Scalable, and Feature-Rich CIAM and User Management with Robust Multi-Tenant Capabilities

Frontegg Delivered:

Explore more content

Slope Software Migrates to Frontegg 85% Faster Than a Leading Identity Competitor

Loris Transitions to Frontegg for Enhanced Authentication Solutions

New Architecture and New Identity, How InStage Leveraged Frontegg for Scalable User Management