18 Sept, 2024
Established in 2005, Detector Inspector is one of the original testing and maintenance service suppliers serving Victoria, NSW, Queensland, South Australia, the ACT and Tasmania. Their mission is to make homes safer by providing gas, electrical, smoke alarm, and water efficiency testing and maintenance services.
Detector Inspector have built a suite of compliance, technician and tenant-focused custom technology to ensure homes and businesses satisfy safety and compliance obligations. The platform saves time, reduces hassle and ensures tenants, real estate agents and landlords are protected.
Detector Inspector were looking to uplift their security and add new login methods to their customer-facing products by implementing a new authorisation and authentication platform.
Detector Inspector were seeking assistance with:
Assessing the current state of customer facing authentication and authorisation
Running a comprehensive vendor selection process
Understanding the system and customer impacts
Creating an implementation road map
Configuration of the chosen solution
Due to the complex nature of implementing authentication and authorisation, the engagement was broken down into three phases: analysis, proposal and implementation.
Analysis
A key outcome was to understand the impacts of the project. The two areas of consideration were:
Customer impacts
System impacts
While customer impact may not seem like an obvious consideration with regard to an authentication and authorisation uplift, there can be major discrepancies in the login look and feel depending on which technologies are selected. People, in general, are familiar with concepts like social logins and OAuth (even if they don’t know it), but the change management activities required for different customer groups are an important consideration.
Secondly, it was important to look at which systems interacted with the current auth system, and how auth was being handled in general, so that a sensible migration path could be planned.
The analysis phase highlighted approximately 10 impacted customer groups and over 40 services.
A final aspect of the analysis phase was selecting an appropriate vendor. Due to its single-tenant nature and excellent support offering, FusionAuth was selected.
Proposal
After an understanding of the current business and system state was achieved, prioritisation of goals was undertaken so that guiding principles for the implementation could be established.
Due to the large scope of the work, and inherent risks, it was important to establish and maintain a focus throughout the engagement. A decision was made that the first milestone would be to keep as many parts of the user experience and system as stable as possible while moving the source of truth for authentication to the new provider. This would enable services to be cut over one at a time to the new authentication system.
At a high level this looked like:
[Diagrams: Current State, Milestone 1, Milestone 2]
The final step was configuring FusionAuth so that it behaved in a similar fashion to the existing auth system.
Considerations here were the:
Key and method used for signing JWT tokens
Content of the JWT tokens
Hashing method used for storing user passwords
The configuration was done purely through infrastructure as code using Terraform.
To ensure that any manual configuration was identified as quickly as possible, daily CI/CD builds were set up to detect any drift between the Terraform code and the running FusionAuth instances.
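A sketch of how such a daily drift check can work, added here as an illustration and not taken from the Detector Inspector code base. It reads the JSON that `terraform show -json <planfile>` produces; the resource addresses, the sample plan and the choice to treat `fusionauth_key` as a critical type are assumptions made for the example.

```python
import json

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields read below. Resource addresses are illustrative, not from the project.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "fusionauth_tenant.customers", "type": "fusionauth_tenant",
     "change": {"actions": ["no-op"]}},
    {"address": "fusionauth_key.jwt_signing", "type": "fusionauth_key",
     "change": {"actions": ["delete", "create"]}},
    {"address": "fusionauth_application.portal", "type": "fusionauth_application",
     "change": {"actions": ["update"]}}
  ],
  "resource_drift": [
    {"address": "fusionauth_application.portal", "type": "fusionauth_application",
     "change": {"actions": ["update"]}}
  ]
}
""")

# Assumption: resource types whose drift should be escalated rather than just
# fail the build, because they hold token-signing material.
CRITICAL_TYPES = {"fusionauth_key"}


def find_drift(plan):
    """Return one finding per resource that differs from the Terraform code."""
    changed_outside = {r["address"] for r in plan.get("resource_drift", [])}
    findings = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if not actions or actions == ["no-op"]:
            continue  # running instance already matches the code
        findings.append({
            "address": rc["address"],
            "actions": actions,
            "changed_outside_terraform": rc["address"] in changed_outside,
            "critical": rc.get("type") in CRITICAL_TYPES,
        })
    # Critical findings first, then alphabetical by address.
    return sorted(findings, key=lambda f: (not f["critical"], f["address"]))


def ci_exit_code(findings):
    """0 = in sync, 1 = drift, 2 = drift touching a critical resource type."""
    if any(f["critical"] for f in findings):
        return 2
    return 1 if findings else 0


if __name__ == "__main__":
    results = find_drift(SAMPLE_PLAN)
    for finding in results:
        print(finding)
    raise SystemExit(ci_exit_code(results))
```

In a scheduled pipeline the plan file would come from `terraform plan -out=tfplan` run against each FusionAuth instance, with the non-zero exit code failing the build.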
Finally, a user import script was created to ease the burden of cutover. The script was able to leverage the comprehensive APIs offered by FusionAuth to provide an easy, repeatable, and reliable user migration process.
Initial testing conducted against the deployed FusionAuth instances was a resounding success! The vast majority of the existing services did not require any changes, and the source of truth for customer login credentials could now happily live in FusionAuth.
This foundational step set Detector Inspector up to further enhance their login experience and improve their security posture over time with minimal risk.
"Midnyte City played a pivotal role in enhancing Detector Inspector’s security framework by implementing a robust new authorisation and authentication platform for our customer-facing products. Their approach was meticulous, starting with a thorough assessment of our existing systems and followed by a comprehensive vendor selection process. Midnyte City’s team demonstrated a deep understanding of both the technical and customer impacts, and their expertise was evident throughout the creation of an effective implementation roadmap.
Working closely with Rowan and Henrik, we were consistently impressed by the quality of talent Midnyte City brought to the table. Their ability to seamlessly integrate into our project, not just as technical experts but as partners in product and stakeholder engagement, was remarkable. They provided valuable leadership in establishing sustainable patterns that we continue to utilise long after the engagement concluded.
Midnyte City’s professionalism, communication, and commitment to delivering a high-quality solution exceeded our expectations. We are more than satisfied with the outcome and wouldn’t hesitate to recommend Midnyte City to any organisation seeking top-tier expertise in security and system implementation."
Shannon Tresider
Head of Product Technology, Detector Inspector