Use case SD Worx

How SD Worx Enables Passwordless Authentication For 5 million Users With nextAuth’s Mobile Passwordless MFA

Jens Hermans
Jens Hermans

Security and cryptography expert (PhD) - CEO at nextAuth

SD Worx is Europe’s leading provider of HR and payroll services at the forefront of the digital transformation of HR services. It services 80.000 companies and 5 million+ users and employs 5300+ people. Their services span the entire employee journey, from attracting to getting people paid, rewarding, and developing talent. SD Worx contacted nextAuth to provide them with a user-friendly and secure authentication process for their mobile app mysdworx and web portal mysdworx.com. In this case study, you’ll discover:

What Were SD Worx's Authentication Needs?

SD Worx has always led the way when it comes to digitizing HR services. However, despite their pioneering activities, their 5 million users and 5300+ employees still had to access the app and portals with authentication methods that cause friction, provide insufficient protection from cyber attackers and aren’t scalable:

"We needed an easy-to-use, universal multi-factor authentication for employees and HR professionals to access their sensitive HR data. Like many organisations, we were asking for an additional code on top of the password. Besides SMSes being unscalable and expensive, it only added friction, and it proved to be too much of an additional hurdle for many users." In nextAuth, we found a frictionless and scalable solution.
Gert Beeckmans - Chief Risk & Security Officer SD Worx
Gert Beeckmans
Group Risk & Security Officer SD Worx

1. The multi-factor authentication system used by HR professionals relied on old-fashioned hardware tokens creating issues for provisioning and supporting this setup in a post-COVID remote working world.

2. Their 5 million+ end users could log in using a password, which 81% of data breaches, username and an OTP, but most users chose SMSes to deliver the OTPs. SMSes are expensive, unreliable and prone to social engineering.

3. The authentication factors weren’t user-friendly, hampering widespread adoption and making end-users opt for a username and password-based login.

4. The authentication mechanisms were often country-specific, making it increasingly difficult and costly to scale the setup toward 5 million+ users in 19 countries.

Gert Beeckmans, Group Chief Risk & Security Officer at SD Worx, knew he needed to prioritise authentication:

What Were SD Worx's Goals?

Gert Beeckmans aimed to “ensure multi-factor authentication for every user with true passwordless multi-factor authentication as the default and:

  1. Provide a frictionless user experience, i.e. enable users to log in fast and seamlessly.
  2. Protect all users – both employees and end-users – from credential theft and data breaches.
  3. Implement a scalable authentication system in terms of cost and support for up to 5 million+ users across 19 countries.”

Why Did SD Worx Choose nextAuth?

SD Worx embarked on a long journey that led them to numerous MFA providers they considered, before partnering up with nextAuth. According to Beeckmans, those vendors didn’t move the needle in terms of security. They merely added a layer of complexity and friction. “We chose nextAuth for a myriad of reasons”:

  1. Firstly, nextAuth’s passwordless MFA solution is mobile-first: “That was paramount for us. We wanted a solution where our users could use their mobile device as an authentication factor. That we could embed nextAuth’s solution into the user’s device was a big plus.” nextAuth’s mobile SDK enabled quick integration into mysdworx, the SD Worx app, which could then be embedded into the user’s device. “This cancels out the need for additional hardware like hardware tokens or smartcards.”
  2. The mobile SDK has other positive implications. It allows SD Worx to scale further and increase the use of its mobile app and guarantees an easy, frictionless rollout. “We needed a universal solution that was easy to roll out to all our users across all countries we’re active in. With the integrated solution, our users don’t need to install a separate and additional authenticator app. It’s just an additional feature in the SD Worx app that at once allows them to log with MFA into all our web and mobile applications.”

  3. nextAuth’s superior user experience was also a significant factor: “We were impressed by its user-friendliness and frictionless authentication experience,” Beeckmans continued. “nextAuth’s solution requires a minimal number of interactions to work. It also provides sufficient context to allow our users to make informed decisions. But more importantly, it’s completely passwordless while guaranteeing a true MFA setup.”
  4. . The SD Worx-nextAuth collaboration will further boost SD Worx’s security posture: “Their advanced public key cryptography ensures that the private key never leaves the user’s device. At the same time, SD Worx servers only need to store the public key, drastically reducing our attack surface.” nextAuth’s cryptography allows the server to verify and protect the secret online without learning or storing it. “Both keys are thus verified in zero-knowledge; meaning that, if we get breached, we do not run the risk of leaking any password hashes, private keys etc.”

  5. nextAuth also got bonus points for its capability to integrate with SD Worx’s IDP provider, TrustBuilder, who delivers the solution as a managed service to SD Worx: “We have a longstanding relationship with TrustBuilder as a trusted partner. The ability of nextAuth to work closely with TrustBuilder to provide a solid authentication experience seamlessly integrated into our IdP setup makes a big difference and is a win-win for all parties involved.”

What Solution Did nextAuth Provide?

Here’s what we provided SD Worx with:

  1. 5 million+ end users and 5300+ employees now log into SD Worx’s app, their web portal and their kiosk with just a fingerprint or face scan on their phone and a PIN as a backup. The private key -which is securely stored on their mobile device (something you have)- is combined with the device’s built- in biometrics (something you are) in the SD Worx mobile app. The users’ mobile phone accounts as a full-fledged factor of the authentication method. The PIN code comes into play if the biometric scan fails.

  2. The HR data of those users are now protected by a more secure authentication method. On top of that, nextAuth’s technology minimises risk of unauthorised access and guarantees non-repudiation of all authentications and transactions.

  3. nextAuth provided the mobile SDK and helped implement it into the SD Worx app, allowing SD Worx to provide a unified multi-factor authentication experience for their users across their web and mobile applications.

  4. The nextAuth IdP enabled SD Worx to seamlessly implement our software into their IAM platform provided by Trustbuilder. This allows SD Worx to frictionlessly manage all their authentication processes.
Use case SD Worx

4) The Results In Numbers

The End Result In Numbers

How SD Worx Enables Passwordless Authentication For 5 million Users With nextAuth's Mobile Passwordless MFA

5 million+ end benefit from our mobile passwordless MFA solution.

How SD Worx Enables Passwordless Authentication For 5 million Users With nextAuth's Mobile Passwordless MFA

We service these end users in 17 European countries.

How SD Worx Enables Passwordless Authentication For 5 million Users With nextAuth's Mobile Passwordless MFA

5300+ SD Worx employees authenticate themselves in a frictionless and secure way.

Book your personal demo
December 2022
Mon
Tue
Wed
Thu
Fri
Sat
Sun
28
29
30
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
1