pavlo/
Enterprise · Identity · POC

Informa/

An identity-provider evaluation POC for Informa — comparing Microsoft Entra, Auth0, and PingOne against a shared protected app to make a defensible enterprise IdP decision.

3/
IdPs evaluated
1/
Shared protected app
OIDC/
Protocol baseline
MFA/
Across all three
Role
Solution engineer · POC author
Timeline
2025 · 4-week POC
Team
Informa security architecture
Live
informa.com ↗
Informa — Championing the specialist hero
Project tour

Browse the project/

Swipe through the shipped surfaces — one screen at a time.

01 / 03
Informa — public site page
Public Informa.com — the brand context for the engagement.
Informa — POC screen
Login picker — Entra / Auth0 / PingOne switched by feature flag.
Informa — POC screen
Protected route — same UI, claims from any of the three IdPs.
Overview

Pick an IdP by running the same code through three of them/

Enterprise identity choices get made on slide decks. This POC made it possible to make the call by running the same protected app through Entra, Auth0, and PingOne — and comparing what actually broke.

Informa needed to choose an enterprise identity provider for an internal portal. Rather than picking on features-on-paper, the brief was: build a single Next.js app, wire it to Microsoft Entra, Auth0, and PingOne behind a feature flag, and run real flows through each.

I built the harness — the protected app, the three IdP configurations, the login + token exchange + refresh + MFA flows — and produced a side-by-side comparison covering DX, role/claim mapping, session handling, MFA, and operational considerations.

The outcome was a defensible recommendation with the receipts to back it.

Next.jsTypeScriptAuth0Microsoft EntraPingOneOIDC / OAuth 2.0Tailwind CSSVercel
Informa POC — shared protected app
01 · Shared harness

One Next.js app, three IdP backends/

A single Next.js app sits behind a feature flag that picks which IdP to use. The same protected route, the same role-mapping logic, the same UI — only the upstream identity changes.

  • Single Next.js app, three IdP profiles
  • Feature-flagged config (env-driven)
  • Same protected route across all three IdPs
Informa POC — auth flow diagram
02 · Flow coverage

Login, refresh, MFA, sign-out — across all three/

Each IdP was wired through the same flow set: hosted login, silent refresh, MFA challenge, role-claim mapping, single sign-out. Anything that worked differently got documented.

  • Hosted login + silent refresh
  • MFA prompts standardized via OIDC step-up
  • Role-claim mapping into the app's RBAC layer
Informa POC — IdP comparison output
03 · Side-by-side comparison

A spreadsheet that picks a winner/

The deliverable wasn't the code — it was a comparison matrix covering DX, operational cost, claim mapping flexibility, MFA UX, audit logging, and lock-in risk. With the working POC behind every cell.

  • DX score per IdP (auth lib, docs, debug-ability)
  • Operational footprint (logging, runbooks, support)
  • Lock-in + portability ratings
Screens

From the public site to the POC harness/

Context for the engagement plus the actual POC surfaces.

Informa — public site page
Public Informa.com — the brand context for the engagement.
Informa — POC screen
Login picker — Entra / Auth0 / PingOne switched by feature flag.
Informa — POC screen
Protected route — same UI, claims from any of the three IdPs.
Build something like this

Choose an IdP by running the code/

If your team is debating identity providers and you want a working harness instead of a slide deck — that's exactly this engagement.

Hire meBack to all case studies