Effective 1/20/2020, Skyetel has switched its authentication from our own internal databases to Auth0. Auth0 is an external identity provider that is trusted by some of the biggest and best names in technology for authentication and security. This change allows Skyetel to offer SSO in a secure, scalable way and enables us to do things like Multi-Factor Authentication, Password Resets, etc.
The purpose of this guide is to answer more detailed technical questions about why we did this, the side effects, and what/who "AuthEngine" and "Auth0" are.
Auth0 is an external service provider that specializes in providing authentication services. Think of them as an external password database service provider - they store the credentials that you use when you log into our portal and provide us the green or red light when you attempt to authenticate yourself into Skyetel's services.
We decided to make this switch for a few reasons:
1. Auth0 is much, much better at authentication than we are. They have all kinds of bells and whistles that we feel are valuable. Things like Multi-Factor Authentication, Password Resets, Email Verification, SSO, etc., are all things that Auth0 is excellent at. It's also all they do - so they're hyper-focused.
2. Maintaining our own suite of authentication services (things like Multi-Factor Authentication, SSO, etc.) creates an ever-growing attack surface for malicious third parties. If we miss a critical update, make a typo, or fail to do a timely fix, the consequences can be hugely bad. This is why we resisted expanding our own authentication features for the last few years.
3. Auth0 uses things like compromised password monitoring and fancy AI magic to ensure that your credentials are safe. This allows us to do things like automatically expire your password if it is detected in hacked and breached lists.
AuthEngine is a name we chose in order to obscure the branding of Skyetel for Tenants. This is primarily for our Tenant Portal users rather than our own Skyetel Users. Auth0's branding flexibility is limited and therefore prevented us from strictly separating Tenant Users from Skyetel Users. This prevented us from using our resellers' logos on services provided by Auth0 (which was a sacrifice that was difficult for us to make).
Instead, we decided to rely on Auth0's own branding and create AuthEngine. By doing this, our Tenant Portal Administrators (usually our resellers) can tell their customers that they themselves use Auth0 for security without mentioning the Tenant Portal is a Skyetel service. This was the best of all scenarios we could come up with while still using Auth0.
So you may see mentions of AuthEngine and Auth0 in Skyetel services (like password resets) in lieu of Skyetel. This murkiness is simply because Auth0 doesn't have the same branding flexibility that we have and is expected behavior.
SMTPEngine is basically the same thing as AuthEngine and is used for the same reasons. Since our Voicemail Transcription service is used by many resellers, we use this to obscure the Skyetel.com domain. This is also expected behavior and is not a bug.
Single Sign On
One of the biggest benefits of Skyetel using Auth0 is that it allows us to tie into other SSO services. We use this most significantly with Zendesk (where support.skyetel.com lives), but it also allows us to offer authentication using Google, Microsoft, etc.
Furthermore, this functionality gives us the ability to offer Tenant Users permission-based edit rights to Skyetel assets. For example - in a future version of the Skyetel Tenant Portal, a Tenant User may be able to update the Caller ID settings on their own phone number. Without the SSO functionality of Auth0, this kind of permission was not possible for us to build.
There are some Auth0 limitations that are important to mention and that are impactful for a handful of our customers. While this list may not be comprehensive, it should serve as a good starting point for users who fall into these edge cases.
Skyetel Usernames must be real Email Addresses
While we've been enforcing this for a while, a number of our privacy-conscious customers use emails like email@example.com or firstname.lastname@example.org. Those customers may continue to do so, but the emails will need to be able to receive email from us.
We Cannot Edit Your Email
With Auth0, your email address is no longer editable. So once you create an account with Skyetel, that email is permanently associated with your Skyetel account. However - for customers who need to change the email address we have on file for them, we can disable your old email and create a new one that you can use to create an account. While this is cumbersome, it is part of how Auth0 works, and is a limitation we cannot get around.