by weekay 1544 days ago
“We are also in contact with Okta with a number of requests for additional logs and information.” - is it a common practice to share the logs with customers? Seems unusual.

What we're asking for is logs corresponding to access to our Okta account. Not asking for something that doesn't pertain to us as a customer of Okta.
Matthew Prince has a lot of tweets today about how he might have to begrudgingly enter the IAM space given how disappointed he is. How serious are you guys about this?
What features would you like?
Since you're (probably going to be) proxying my website anyway, what if you intercepted /login and handled registration, email address validation, login-with-X, passwords, MFA, etc. Once you've authenticated that user, pass on further HTTP requests to my server but with a token indicating that the user is valid and some means for looking up information on them.

I don't want to be storing user data on a machine I keep in my lounge next to my TV if I don't have to.

Requirements for users' data:
- user data must be stored within Russia (Russia)
- users may request a copy of all personal data (EU)
- users may delete all their data (EU)
- similar laws, e.g. in California, Turkey

Good compliance with these would be achievable by Cloudflare if they stored all user data. I believe Akamai Identity Cloud does something similar.

Better integration with other security products - Ping, Okta, etc. all have marketing that claims they integrate with tons of different vendors, but when you actually attempt to implement it, oftentimes nobody really knows how it works or if it works at all.
Put your resources behind Keycloak or Ory or similar. If there is demand, provide a hosted version, but please don't just reinvent the wheel without a reason.
Cloudflare Identity. Auth0 or Okta offerings but built and managed by Cloudflare.

I do not feel comfortable sending clients to Auth0 or Okta, but I would be comfortable sending them to Cloudflare for identity services, and an engineering-first org is better suited for providing this sort of critical service.

I'd love if Cloudflare became an IdP.

Just a thought: most people's corporate identity is linked to their corporate email. Cloudflare does email routing.

Would be interesting to extend your email routing service to have Identity attached to it and Cloudflare is the Identity Provider (IdP).

Cloudflare should do anything that they can do better than the incumbents. Which at this point seems to be just about everything they touch.