How to mitigate risk when your auth vendor gets acquired

Authentication is an integral part of your application, and as such the acquisition of your auth vendor isn’t like other acquisitions. It could mean many things for your business, and you’ll have to decide how to respond accordingly.

This blog post is an excerpt from What to Do When Your Auth System Vendor Gets Acquired.

Will your new provider give you the same support? Pricing? Integration options? All of these might change for better or for worse.

While clearly an acquisition is cause for concern, it might not be all bad. In this article, we’ll examine how to mitigate some of the issues that arise when your auth system vendor is acquired.

Review your contract

It’s also important to think about how this contract might be expected to change. Get clarity and get yourself ready.

Review your usage

Are they following standard auth protocols? How many of your apps are using this vendor? At a minimum, answering these questions will keep you well informed should you need to migrate to another vendor.

Talk to your account manager

Don’t forget to ask about migration timelines while you’re at it, so you know how soon you need to be prepared and for what changes.

If you don’t have an account manager, send an email to the sales or support team. They may send you elsewhere, but are a good starting point.

Evaluate What It Would Take to Switch Vendors

Even if you stick with your vendor through the acquisition, at least now you know more, and you’re prepared for whatever comes afterward.

Consider Impact to Current or Planned Projects

It’s best to discuss this with your stakeholders, again so that everyone is on the same page and has consensus about priorities.

Consider Other Options

  • Use a non SaaS solution: SaaS solutions are great, but if you use a non-SaaS solution, where you host it yourself, you have far more control over any changes to functionality. You may have to upgrade for security or contractual reasons, but you’ll be able to do it on your timeline, not the acquirer’s. FusionAuth can be self-hosted and has a community version that is free for unlimited users.
  • An open-source solution: You’ll still have to manage your own source code. You’ll just be using a free and community-driven solution like Gluu, Keycloak, or OpenIAM. Your team will have to explore these projects and choose the one that works best for your system.
  • In-house custom build solution: In some rare cases, none of the available solutions will be a good fit for your organization, and you’ll decide to build a custom auth system for your product. This will require more resources to achieve but of course, when completed, you’ll have a solution that works best for you. Further, such a choice can be fine-tuned with more features in the future at your will (and expense)-something you won’t get anywhere else.

To learn about more about vendor acquisitions, such as short-term and long-term benefits and risks, read What to Do When Your Auth System Vendor Gets Acquired.

Was this article awesome? Click a star to rate it.

Originally published at

Auth for built for devs. Installs on any server, anywhere in the world. Integrates with any codebase.