close icon
STIGG

Introducing the Auth0 + Stigg Integration

Easily implement dynamic entitlements in SaaS applications with Auth0 and Stigg

December 10, 2024

TL;DR: this post introduces the new Auth0 + Stigg integration, and explains its capabilities and how it works. If you just want to set it up go here.

For years, seat-based subscription models have been the default for B2B SaaS pricing. Seats were meant to provide a good representation of the value customers get from the product: the more employees use it, the more value they are likely to get from it.

But the rise of GenAI products and features is altering this paradigm. Gen AI capabilities often create huge value through discrete actions, such as resolving customer inquiries, generating content, or automating tasks, without resulting in additional seats being required. Some companies are starting to experiment with "outcome-based pricing" to align product pricing with customer value. Companies like Intercom and Zendesk are charging per resolution.

Yet implementing usage-based or outcome-based pricing comes with significant technical and operational challenges. Unlike simpler models, these require systems capable of real-time tracking, handling dynamic entitlement, and granular billing. For example, Zendesk's move to charge per resolution demanded an overhaul of its billing infrastructure to track consumption accurately and ensure customer transparency. This flexibility is necessary for companies of all sizes but not part of their core differentiator.

This is where the Auth0 + Stigg integration comes in. By combining Auth0's robust identity and authentication platform with Stigg's dynamic entitlement management, this partnership empowers developers to implement modern pricing models effortlessly. Consider a scenario where a SaaS company starts with per-user licenses and adds a token-based AI pricing model: the integration allows teams to define, monitor, and iterate on token consumption at scale without having to build custom infrastructure​The Auth0 + Stigg integration not only simplifies this process but ensures it's scalable and secure, enabling teams to focus on delivering innovation.

Why Auth0 + Stigg?

Stigg is a developer-first platform designed to simplify entitlement management. It allows teams to define plans and entitlements in code, enabling real-time checks to determine whether users can access specific features based on their subscription or usage. This flexibility empowers teams to iterate quickly on product offerings, adapting to product and market changes with minimal effort.

The Auth0 and Stigg integration simplifies this process by connecting Auth0's identity management with Stigg's entitlement enforcement capabilities. Instead of manually building custom integration logic, developers can leverage the integration to seamlessly authenticate users and enforce feature access based on entitlements.

Auth0 + Stigg

Common Use Cases

This integration addresses several use cases that streamline app development and improve the end-user experience.

Automatic provisioning

In Stigg, a customer can represent either an individual user or an organization, handling both B2B and B2C flows.

With Auth0 and Stigg, you can easily provision subscriptions for both B2B customers and B2C users when they are onboarded by configuring product-level customer journeys. For example, assigning new customers with a default free plan or starting a trial for a paid plan is possible in no code.

Auth0 + Stigg

Automatic active users metering

For B2B companies, tracking active users helps measure product adoption and growth. This integration automatically tracks active users during the login process, making it easy to implement usage-based billing models like pricing per Monthly Active Users (MAU). This is especially helpful for self-service plans, where customers typically pay based on how much they use the product instead of a fixed number of licensed seats.

Enforcing user limits

Tracking active users can also help enforce seat limits, especially for enterprise customers. The system can ensure that the number of active users stays within the limits of their agreement, which is ideal for fixed-seat contracts. This helps vendors and customers stay aligned with the terms of their plans.

While not part of the integration, using Auth0 and Stigg allows entitlement enforcement for typically paid features like Single Sign-On (SSO) or System for Cross-domain Identity Management (SCIM).

You can use Stigg to check if users have access to configure a feature, and then use Auth0 to set it up.

This makes it easy to offer tiered features that scale with customer needs and create upsell opportunities for larger customers.

Setting up the Integration

This integration connects an environment in Stigg to your Auth0 tenant by creating:

  • One Action in your Auth0 tenant Post Login flow to handle Stigg customer provisioning from Auth0 users/organizations and send login events to Stigg.
  • An "Active Users" metered feature in Stigg for tracking MAUs based on Auth0 logins.

Prerequisites

To begin integrating Auth0 into your Stigg project, there are a few requirements that you'll need to set up before getting started:

  • A Stigg account with an environment you want to integrate with. To create an account, visit Stigg website and click "Try Stigg" to get started.
  • An Auth0 tenant. You can read more about how to set one up here.

Initial setup

To set up the integration, follow these steps:

  1. Log in to your Stigg account and select the Stigg environment to which this integration will have access. Note: The integration is limited to one environment per Auth0 tenant.
  2. Navigate to "Integrations" -> "Apps" -> "Auth0"
  3. You'll need to create a new Auth0 Machine-to-Machine Application and authorize Stigg to access the Auth0 Management API. Learn how to do it here.
  4. Under the integration Auth0 tenant step, enter your Auth0 Tenant ID and Region.
  5. Enter the Client ID and Client Secret of the application you've created in step 3.

Initial setup

  1. Click "Connect".
  2. Select and confirm the Auth0 application you want to integrate with Stigg.
  3. When selecting the Auth0 application, confirm the type of users Stigg will handle. This will be automatically preselected based on the Organization Behavior of the chosen Auth0 application:

    1. Individuals (B2C): Every individual user will be associated with a customer in Stigg. For example, Spotify associates every listener with a customer record to manage subscriptions and billing.
    2. Business users (B2B): Every organization will be associated with a customer in Stigg. For example, Slack connects each company using its platform to a customer account to manage workspace-wide billing and services.
    3. Both: Individual users and organizations will be associated with customers in Stigg. For example, OpenAI offers products like ChatGPT to individual users while also providing businesses with API access to integrate AI into their applications.

    Stigg_Integration

  4. Click "Continue"
  5. Select the initial subscription plan to be assigned automatically when this integration provisions new customers. If you haven't created a Product and Plan yet, you can learn how to do it by referring to the Docs.
  6. Stigg_Integration
  7. Click "Complete setup"

The integration is now active. You can confirm the setup by navigating to your tenant's Post Login actions within Auth0 (Select Actions > Triggers > "post-login"), where you will find a new custom action at the end of the flow.

Auth0 Action

After authentication, Stigg creates an action in the Auth0 tenant at the end of the Post Login flow.

The action handles both customer and subscription provisioning, usage metering, and enforcement of active users' limits belonging to an organization. It operates in the Post-Login flow of the Auth0 tenant and automates critical aspects of user management.

When a user logs in, the action provisions a customer in Stigg. If the user has logged into an organization, the customer will be created and associated with the user's organization (B2B); otherwise, the customer will be created and associated with the user (B2C).

The customer subscription is automatically provisioned according to the configuration in Stigg. This step eliminates manual subscription plan assignment, ensuring users start with the right level of access.

The action also meters and enforces the limit of active users belonging to an organization. For example, you can easily limit the number of MAUs in a free plan and charge customers based on the number of MAUs in a paid plan. If the MAU limit is reached, Auth0 restricts new user logins, allowing for a straightforward upgrade path.

Auth0 Action

  1. An app makes an authentication request to the Auth0 server, triggering the Auth0 Post-Login Action.
  2. (Conditional) If the customer associated with the user (B2C) or organization (B2B) has not yet been provisioned based on the metadata of the Auth0 object, the Auth0 Action sends a request to Stigg to provision the customer.
    Note: Depending on the login type, the customer ID is mapped to Auth0's organization ID (B2B) or user ID (B2C).
  3. Stigg provisions the customer and sends a response back to the Auth0 Action.
  4. The Auth0 Action updates the metadata of the Auth0 object to indicate that the customer has been provisioned.
  5. (Conditional) If the login flow is B2C, the action stops execution and allows the login flow to continue.
  6. The Auth0 Action sends an entitlements query request to Stigg.
  7. Stigg returns the entitlements to the Auth0 Action.
  8. (Conditional) If the active users' entitlement usage exceeds the limit, and the user's last login time is not within the current usage reset period (i.e., it is a new active user), halt the login flow and return an "Access Denied" error message.
  9. The Auth0 Action updates the user's last login time in Auth0.
  10. The Auth0 Action reports the login event to Stigg.
  11. The action allows the login flow to continue.

You can find the full source code of the action here.

Getting the Most out of Auth0 + Stigg

By leveraging Auth0's industry-leading authentication and user management capabilities alongside Stigg's flexible entitlements and monetization features, you can streamline delivering a unified, end-to-end membership management experience. Here are the benefits of having both platforms working together:

Authentication

Auth0 provides a robust, secure, and scalable authentication solution that handles everything from social logins to multi-factor authentication. With minimal setup, you can ensure your application is secure, giving your customers a frictionless login experience.

User and organization management

Whether you're supporting single-user accounts or multi-tenant setups for B2B customers, Auth0 makes it easy to define user roles, assign them to organizations, and manage access controls.

Automatic MAU tracking

Stigg's integration with Auth0 leverages login extensibility points to automatically track Monthly Active Users (MAUs). This eliminates the need to implement your integration, saving development time while ensuring accurate tracking. With Stigg, you can turn Auth0's login data into actionable insights, seamlessly tying usage patterns to your subscription and billing logic.

Gate enterprise features

Advanced features such as Single Sign-On (SSO) can be guarded by entitlements configured in Stigg, so only users on specific plans have access to premium capabilities. This makes it easy to offer tiered features that scale with customer needs and create upsell opportunities for larger customers.

Introduce a user/customer self-service portal

Stigg provides powerful self-service UI components you can easily embed directly into your application. With minimal code, these embeddable components simplify the self-service experience, allowing users to make changes to their subscriptions instantly.

These components allow users to view their current plan, choose between available upgrades, see usage data and limits of metered features, update their billing information, view invoices, and handle payment details without leaving your app.

Billing Integration

For recurring payments, Stigg natively integrates with billing solutions such as Stripe Billing. In just a few clicks, you can connect a Stripe account to your Stigg environment to automatically start issuing invoices and collecting payments for paid subscriptions. You can learn more about how to connect your Stripe account by referring to the Docs.

See Stigg + Auth0 in Action

Follow the "Implement a Unified E2E Membership Management Experience with Stigg" developer lab to get hands-on practice on the concepts you have learned throughout this blog post so far. By the end of the lab, you'll have a React application that has a comprehensive "Billing" tab as seen on this live demo.

Easily build Apps With Auth0 and Stigg

This is just the beginning of the capabilities unlocked by combining Auth0 and Stigg.
We're excited to see how you use this integration to create scalable, user-friendly applications. Whether you're managing users, subscriptions, metering usage, or setting up advanced entitlements, this integration provides you with a complete toolkit for building and growing your apps.

For more information or support, visit our documentation. And if you have feedback about this integration, please reach out! We'd love to learn about how you are using it :)

  • Twitter icon
  • LinkedIn icon
  • Faceboook icon