top of page

Auth0 Migration

Improvement Focus:

Authentication, identity and access management, user data security.

​

My Responsibility:

* Write PRD, user stories, and acceptance criteria.

* Plan for proactive risk prevention & reactive risk response.

* Articulate complex concepts for technical and non-technical stakeholders through visual diagrams.

* Stakeholder management across 10 cross-functional and cross-regional teams.

* Directed a stream-aligned team of 10 engineers.

* Present roadmap review to senior executives.

Context

PitchBook clients were facing inconsistent login experiences across web platform, mobile, Chrome Extension, and Office Plugins due to our applications' reliance on distinct authentication solutions. These non-industry-standard solutions also raise in-house security risks of custom identity management.

Morningstar Auth0 technology provides a centralized identity management solution that benefits PitchBook in leveraging industry-supported standard for authentication, reducing in-house risks of custom identity management, and integrating third party applications. It also benefits our clients with consistent and easier login experience, and advanced login methods, such as password-less login.

Objectives

Migrate all PitchBook home-grown authentication systems to Morningstar Auth0 while ensuring seamless user experience.

Success Metrics

North Star: 100% individual user credentials and SSO accounts are migrated to Morningstar Auth0.

Supporting: Login success rate, Number of accidents, Accidents response time, Login support case, User satisfaction

Migrated 100,000 individual users and 3,000 SSO accounts with 99.999% login success rate while ensuring seamless login experience.

Roadmap

Auth0 Migration Roadmap.png

Pain Points

- Inconsistent user experience across PitchBook products

- Inconsistent authentication infrastructure with Morningstar

- In-house security risks of custom identity management

- Hard to integrate third-party applications

- Hard to implement advanced authentication methods

Challenges

3 User Segments

  • Pure PitchBook users

  • PitchBook + Morningstar Pre-registered users

  • PitchBook + Morningstar Managed users

6 Regular Authentication Flows

  • User log in

  • Create new user

  • Forgot password

  • Reset password through PBAdmin

  • Force password reset

  • Unlock user

5 Platforms

  • Web Platform

  • Mobile App

  • Chrome Extension

  • Excel Plugins

  • PowerPoint Plugins

Large User base

  • 100,000+ individual users

  • 3,000+ SSO accounts

Solutions

The Silent Login Mechanism (Seamless Migration)

Silent Login 1.png

Risk Management (99.999% login success during migration)

Proactive Risk Prevention

  • Architecture review in early stage

  • Thorough QA test planning

  • Post-release monitoring system development

  • Multiple rounds of Bug Bash

  • Roll out plan

  • Roll back plan

  • Internal communication (Support; FMT)

Reactive Incident Response

  • Immediate action: reverse change (if in PROD)

  • Investigate root cause

  • Propose temporary turnarounds vs. permanent fixes

  • Make data-driven decision on pre-defined roll back plan

  • Adjust roll out plan based on data

  • Prompt internal & external communication

  • Sprint retro: document process enhancement for future reference

Incident

Scenario:

Within the first hour of the Phase I major release, login failure rate raised that we received ~80 support cases. After prompt investigation, we found new user segments -

  • (83%) Pure PitchBook users

  • (17%) PitchBook + Morningstar users (Managed users + Pre-registered users)

While the goal was to migrate 20% of all users in the first month of Phase II, the Silent Login logic at the time was not able to hold all different types of users, which might cause login failure or reset password loop.

Reaction:

​- Immediate action: reverse change

- Root cause: ID Mapping error

- Temporary workaround: Manual ID mapping for impacted users

- Permanent fix: Implement fixes to Silent Login logic

- Support communication

- Dev/Client call exception

- Roll out plan adjustment: Flagged Silent Login for selected users

- Migration flow design for newly detected user segments

- AM/CSM communication (email outreach preparation & review)

- Sprint retro: document process enhancement for future reference

Retrospective

Well Done

  • Roll out plan (low traffic hours, limited accounts)

  • Efficient internal & external communication

  • Data-driven decision making

  • SAT agility in addressing incidents & iteration

  • Senior leadership management

To improve

  • Comprehensive Consideration: Loop in Morningstar Architecture team in early stage

  • Diverse demography in Bug Bash

  • Bug Bash at least 2 sprints ahead of major release

  • Automate flag/unflag process

  • Take user satisfaction rate into consideration

Key Takeaways

Login User Flow During Migration
Silent Login Migration - 17% - Page 1.png

Silent Login All Users

Communication in Technical Projects

Visualize ideas via diagram

  • eg. Complete Silent Login Logic

User Stories

  • Given...When...Then... + Acceptance Criteria

bottom of page