Build a Secure, Cost-Effective Identity System with Open-SourceBuild a Secure, Cost-Effective Identity System with Open-Source
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started
Back to feedPost
Nikolai's avatar
Nikolai Pavlov
May 8
It’s Friday evening, the week is winding down, and I’m sipping tea, reflecting on a conversation I had with a founder earlier this week.
We were discussing security. Specifically, how to stop a disgruntled former employee from taking the entire customer database with them when they leave.
His solution? "We’re thinking about signing an Enterprise contract with Okta or Auth0."
I almost choked on my tea.
Don't get me wrong, Okta is a beautiful product. But it’s also the most effective legal extortion mechanism in the B2B world. They hook you with a $6/user sticker price, but the moment you need actual security—like Adaptive MFA, API access, or automated offboarding—you realize those features are locked behind "Enterprise" add-ons.
Suddenly, a mid-sized team is paying $25 per internal user, plus thousands more for their customer identities (CIAM) through Auth0. And worst of all? You’re now managing two separate, siloed systems.
The "Okta Tax" isn't just a monthly bill; it's a tax on your engineering team's time.
I told him to put the credit card away and let me build him an open-source fortress instead.
My approach: The Authentik Engine
I deployed authentik (an incredible open-source Identity Provider) on a secure, self-hosted AWS environment. Yes, configuring OIDC apps, mapping granular RBAC (Role-Based Access Control) policies, and setting up token expiration is complex. It’s not "click-and-play."
But here is the ROI:
Unified Identity: Workforce (employees) and CIAM (customers) live in the same system. One dashboard.
The Ultimate Kill Switch: I orchestrated the authentik API using n8n. If an employee is terminated, an automated webhook revokes their access across every single internal app (Appsmith, Retool, Supabase) in milliseconds.
Zero "SaaS Tax": The company now pays ~$25/month for the AWS instance, instead of bleeding $2,000+ monthly on licensing fees.
Sometimes, the most sophisticated architectural decision is knowing when to stop paying for shiny SaaS tools and start owning your infrastructure.
If your team is drowning in SaaS subscriptions just to keep your data secure, let's talk about building a real backbone. Have a great weekend!
Technology LeadershipSystems EngineeringN8NPostgreSQLCybersecurityauthentikidentitymanagementBudibase
Emman's avatar
Emman Ermitaño
pro
1d
Great work! And the UI looks neat too
Nikolai's avatar
Nikolai Pavlov
15h
Thank you 🙌
Back to feed
The network for creativity
Join 1.25M professional creatives like you
Connect with clients, get discovered, and run your business 100% commission-free
Creatives on Contra have earned over $150M and we are just getting started