Moneyfarm modernises application and increases developer agility
“If we had to build MFA on our own, or brute-force protection, I think we would have needed five, six, seven developers for running and building the project.”
Alessandro Orrù - Senior Engineering Manager
Moneyfarm is among Europe’s largest online wealth management companies. Over 50,000 customers trust them with over £1 billion in assets, and they have earned that trust by providing a simple and transparent way to invest. “There is a lack of transparency in the market,” explains Moneyfarm’s senior engineering manager Alessandro Orrù. Moneyfarm is different because it’s accessible to customers “that either don’t have a lot of money to invest, or maybe they simply don’t have enough knowledge to invest.”
Like many startups, Moneyfarm began with a monolithic application that handled all of their services. When Orrù and his team realised it couldn’t scale, however, they decided to pursue a microservices approach.
One of Moneyfarm’s first priorities was to overhaul authentication. “We sell financial products. We don’t build authentication. We shouldn’t build authentication,” Orrù says. “Authentication is something that is very complex and shouldn’t be part of what we’re doing on a daily basis, in terms of spending developers’ resources. So we tried to figure out what products were available to replace our developers’ time and do something a lot better, a lot more secure.” They quickly decided on the Okta Customer Identity Cloud, powered by Auth0.
Two days for mobile implementation
Moneyfarm signed on with Okta Customer Identity Cloud in 2018 and began transitioning all their customer authentication for both their mobile apps and website. On the web side, Moneyfarm used the platform's custom database feature to connect Customer Identity Cloud with Moneyfarm’s legacy system, thus ensuring a seamless migration. "We had to deal with the transition between the two, but it was quite easy," Orrù says, "and that was really, really cool."
When it came time to transition authentication for Moneyfarm’s mobile applications to Customer Identity Cloud, Orrù says, “it was even simpler because all the connection with our user base was already there.” The entire process took only a couple of days, and Orrù credits Okta’s software development kits (SDKs) and documentation with streamlining the process.
Fast implementation has enabled Moneyfarm to keep adding new Customer Identity Cloud features, such as multi-factor authentication (MFA). “It took a couple of hours to have a working MFA prototype,” Orrù says, happily. The team also used Actions to customise their MFA solution, allowing users to opt in based on their personal preferences.
Customer Identity Cloud does the work of over five developers
Moneyfarm has roughly 30 developers on their team, and Okta Customer Identity Cloud allows them all to stay focused on building their core product. According to Orrù, “If we had to build MFA on our own, or Brute-Force Protection, I think we would have needed five, six, seven developers for running and building the project.” Those features are critical for a company that handles sensitive financial information and needs to be GDPR-compliant.
“We simply don’t have enough working power to build something that is always on the bleeding edge for the security of the authentication,” Orrù says.
Okta Customer Identity Cloud is also saving the team time on customer support. In the past, when users accidentally triggered Brute-Force Protection and locked themselves out of their account, it took Moneyfarm five minutes to unblock them. Those minutes quickly added up, with 10 to 15 support tickets per week. Now, the process takes seconds. “Finally, we have a solution to unblock users without having developers edit our database directly,” Orrù says. “They simply go to CIC, look for the user and unblock them.”
Authentication clears the way for new partners and possibilities
Using Okta Customer Identity Cloud has freed Moneyfarm’s team to work on new projects, such as a collaboration with the Italian postal service, Poste. “The moment we signed with them and we started developing, Okta helped us a lot in allowing them to authenticate with our systems,” Orrù says. “If we didn’t have Okta, we would have spent a lot of time building our own solution for that.”
Likewise, the team recently enabled PSD2, an EU directive that connects Moneyfarm’s app directly with users’ bank accounts. Explains Orrù: “What we can do with PSD2, is, for instance, start a wire transfer on behalf of the user instead of asking them to go to their bank and send us their money to be invested.” It’s a huge breakthrough for their business. “If we’d had to deal with rebuilding the authentication system, it would have shifted the priorities,” Orrù says. “It wouldn’t have been possible without Okta.”
Trusted by over 50,000 active investors, Moneyfarm is a pan-European digital wealth manager that provides a unique combination of simple investment advice and discretionary management. Launched in 2012 and headquartered in the UK, it simplifies investments and offers advice on diversified portfolios to deliver sustainable growth through a range of asset classes. Operating through both an online platform and app, Moneyfarm’s approach to investment combines human empathy and financial expertise with the efficiency of technology to deliver cost-effective advice and investment solutions to every user. The company is led by co-founders Giovanni Daprà and Paolo Galvani.