If you're managing multiple digital products and your login system feels messy, slow, or fragile — this is for you.
In this article, I’ll show you:
- Why fragmented authentication quietly kills scalability
- How we designed a centralized Keycloak SSO platform on AWS
- What actually reduced support tickets by 30–40%
- How to scale identity without vendor lock-in
No theory. Just what worked in practice.
The Real Problem: Identity Was Slowing Growth
When this Western European energy provider came to us, their authentication system technically worked.
But it didn’t scale.
Four sub-brands.
Multiple portals.
Different user roles.
Rising security requirements.
Every new product meant new integration effort.
Every login issue meant another support ticket.
And in regulated industries like energy, identity isn’t just UX — it’s risk management.
I’ve seen this pattern many times. Login becomes “just a feature”… until it quietly becomes your biggest bottleneck.
Why We Chose Keycloak (And Why It Matters)
There are dozens of managed login providers.
But this client wanted long-term control. No SaaS dependency. No pricing surprises. No architectural lock-in.
So we built the solution around Keycloak.
Why?
- Open-source and widely adopted
- Full support for OAuth 2.0, OpenID Connect and SAML 2.0
- Deep customization capabilities
- No vendor lock-in
We’ve tested other approaches before. For complex multi-brand setups, flexibility always wins.
And honestly — I love when infrastructure is something the business truly owns.
Architecture First. Always.
We didn’t just “install Keycloak.”
We treated identity as core infrastructure.
Here’s what we built on AWS:
- Centralized Keycloak cluster
- Admin console and admin REST API reachable only from a private network (VPN or bastion inside the VPC), never from the public internet
- Only the authentication endpoints (login, token, userinfo, logout) exposed publicly
- Clear separation between dev, staging, and production
One check worth doing here: Keycloak serves its admin endpoints (under /admin) from the same process as the login endpoints, so this split has to be enforced at the load balancer or reverse proxy and with Keycloak's separate admin hostname setting. It does not follow from the VPC layout alone.
Security wasn’t an add-on. It was baked in.
And yes — this part is where most teams start drowning in complexity.
Pro Tip: Treat Identity as Infrastructure
If authentication lives inside each product separately, you’re accumulating identity debt.
Centralize early. Even if you're small.
Future you will be grateful.
What Actually Moved the Needle
Let’s talk outcomes — not architecture diagrams.
1. One Login Across Four Brands
Customers now use a single identity across all services.
For the business?
Product onboarding became 2–3× faster.
No duplicated logic. No repeated integration headaches.
2. Custom Admin Tools = Fewer Support Tickets
Out-of-the-box Keycloak admin tools weren’t enough for enterprise support teams.
So we extended them.
Better visibility into account states.
Clearer troubleshooting workflows.
Faster issue resolution.
Result?
30–40% fewer login-related support requests.
That’s not cosmetic improvement. That’s operational cost reduction.
According to Gartner, password-related issues can account for up to 50% of helpdesk calls in some organizations. Reducing identity friction directly reduces IT overhead.
We’ve seen this repeatedly across projects.
Pro Tip: Invest in Admin UX
Most companies optimize customer login.
Almost no one optimizes the admin side.
That’s where massive efficiency gains hide.
3. Secure Impersonation for Support
Support teams sometimes need to see what users see.
But giving broad access? Dangerous.
We implemented controlled impersonation with strict security boundaries. In Keycloak terms that means the support role gets only the realm-management impersonation permission (not full admin), impersonated sessions stay short, and Keycloak's impersonation audit events are kept so every session is traceable to the agent who started it.
Better support experience.
No compromised controls.
Balanced systems always win.
4. MFA Without Annoying Everyone
Security was non-negotiable.
But let’s be honest — bad MFA implementations kill UX.
We designed a balanced approach:
- One-time verification when logging in from a new device
- Trusted devices don’t trigger repeated prompts
The trust itself has to be bounded: tied to one user and one device, expiring after a fixed period, and revocable for the whole account on a password reset or a suspected compromise. Otherwise "trusted device" quietly becomes "MFA off".
Security improved.
User friction stayed low.
Wow, I love this approach when it works cleanly.
Pro Tip: Smart MFA > Aggressive MFA
Challenge users only when risk changes.
Don’t punish them for logging in every day.
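The "challenge only when risk changes" rule, as an added example (not Perfsys's or Keycloak's code): after a successful MFA challenge the server issues an HMAC-signed trusted-device cookie bound to the user, a device identifier and an expiry; on later logins the decision function skips MFA only while that cookie verifies, and a per-user trust generation lets a password reset revoke every trusted device at once. The signing key, the 30-day lifetime, the device identifier (assumed to be a random value the server set in a separate long-lived cookie on first visit, not a browser fingerprint) and the in-memory generation table are assumptions for this example.

```python
"""Trusted-device MFA policy: challenge on a new device, skip on one that
passed MFA recently, revoke per user. Added example, not the page's code."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumption: in production the key comes from a secret store and is rotated;
# a fresh random key keeps this example self-contained.
SIGNING_KEY = secrets.token_bytes(32)
TRUST_TTL_SECONDS = 30 * 24 * 3600   # assumption: re-challenge after 30 days

# Assumption: per-user trust generation kept server-side. Bumping it invalidates
# every trusted-device cookie for that user without touching the cookies.
_trust_generation = {}


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_trusted_device(user_id, device_id, now=None, key=SIGNING_KEY):
    """Issue after the user completed an MFA challenge on this device."""
    now = int(time.time() if now is None else now)
    claims = {"u": user_id, "d": device_id,
              "g": _trust_generation.get(user_id, 0),
              "exp": now + TRUST_TTL_SECONDS}
    body = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(tag)}"


def _parse_trusted_device(cookie, now, key):
    """Return the claims if the cookie is authentic and unexpired, else None."""
    try:
        body_b64, tag_b64 = cookie.split(".", 1)
        body, tag = _unb64(body_b64), _unb64(tag_b64)
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return None
        claims = json.loads(body)
        if claims["exp"] <= now:
            return None
        return claims
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


def mfa_decision(user_id, device_id, cookie, now=None, key=SIGNING_KEY):
    """Return ('skip' | 'challenge', reason). Every failed check challenges;
    nothing here ever weakens the answer below 'challenge'."""
    now = int(time.time() if now is None else now)
    if not cookie:
        return "challenge", "no trusted-device cookie"
    claims = _parse_trusted_device(cookie, now, key)
    if claims is None:
        return "challenge", "cookie invalid or expired"
    if claims["u"] != user_id:
        return "challenge", "cookie belongs to another user"
    if claims["d"] != device_id:
        return "challenge", "device changed"
    if claims["g"] != _trust_generation.get(user_id, 0):
        return "challenge", "trust revoked for this user"
    return "skip", "device trusted"


def revoke_all_trusted_devices(user_id):
    """Call on password reset, 'sign out everywhere' or suspected compromise."""
    _trust_generation[user_id] = _trust_generation.get(user_id, 0) + 1
```

Keycloak does not ship this exact behaviour out of the box; a conditional step in the browser authentication flow (or a custom authenticator) is where this decision would plug in. The cookie only ever downgrades a challenge to a skip when all five checks pass, which is the property to test before shipping any "remember this device" feature.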
The Business Impact
Here’s what changed after launch:
- 4 brands unified under one identity backbone
- 2–3× faster onboarding of new products
- 30–40% reduction in login-related support tickets
- Clean AWS-based separation between environments
But here’s the bigger shift:
Identity stopped being a blocker.
It became an enabler.
What You Can Apply Today
If you're scaling digital products, ask yourself:
- Do we have one identity system or many?
- Are admin tools helping or slowing support?
- Are we locked into a vendor model that limits flexibility?
- Is MFA increasing trust — or increasing frustration?
If your login architecture feels fragile, don’t wait.
Identity debt compounds faster than technical debt.
And fixing it later? Much more painful.
If you want to modernize your authentication stack — whether with Keycloak or another approach — start by treating identity like infrastructure.
That’s the shift that changes everything.
Ready to Fix Your Identity Layer?
If your team is juggling multiple products, brands, or rising security demands — let’s talk.
At Perfsys, we design and modernize identity platforms on AWS, from Keycloak customization to full SSO architecture.
No vendor lock-in. No overengineered fluff. Just systems that scale.