How a Simple SSO Decision Unlocked 2 Faster Growth

Eugene Orlovsky — Fri, 13 Feb 2026 11:43:58 +0000

If you're managing multiple digital products and your login system feels messy, slow, or fragile — this is for you.

In this article, I’ll show you:

Why fragmented authentication quietly kills scalability
How we designed a centralized Keycloak SSO platform on AWS
What actually reduced support tickets by 30–40%
How to scale identity without vendor lock-in

No theory. Just what worked in practice.

The Real Problem: Identity Was Slowing Growth

When this Western European energy provider came to us, their authentication system technically worked.

But it didn’t scale.

Four sub-brands.

Multiple portals.

Different user roles.

Rising security requirements.

Every new product meant new integration effort.

Every login issue meant another support ticket.

And in regulated industries like energy, identity isn’t just UX — it’s risk management.

I’ve seen this pattern many times. Login becomes “just a feature”… until it quietly becomes your biggest bottleneck.

Why We Chose Keycloak (And Why It Matters)

There are dozens of managed login providers.

But this client wanted long-term control. No SaaS dependency. No pricing surprises. No architectural lock-in.

So we built the solution around Keycloak.

Why?

Open-source and widely adopted
Full support for OAuth 2.0 and OpenID Connect
Deep customization capabilities
No vendor lock-in

We’ve tested other approaches before. For complex multi-brand setups, flexibility always wins.

And honestly — I love when infrastructure is something the business truly owns.

Architecture First. Always.

We didn’t just “install Keycloak.”

We treated identity as core infrastructure.

Here’s what we built on AWS:

Centralized Keycloak cluster
Private VPC for admin access
Public endpoints only for authentication flows
Clear separation between dev, staging, and production

Security wasn’t an add-on. It was baked in.

And yes — this part is where most teams start drowning in complexity.

Pro Tip: Treat Identity as Infrastructure

If authentication lives inside each product separately, you’re accumulating identity debt.

Centralize early. Even if you're small.

Future you will be grateful.

What Actually Moved the Needle

Let’s talk outcomes — not architecture diagrams.

1. One Login Across Four Brands

Customers now use a single identity across all services.

For the business?

Product onboarding became 2–3× faster.

No duplicated logic. No repeated integration headaches.

2. Custom Admin Tools = Fewer Support Tickets

Out-of-the-box Keycloak admin tools weren’t enough for enterprise support teams.

So we extended them.

Better visibility into account states.

Clearer troubleshooting workflows.

Faster issue resolution.

Result?

30–40% fewer login-related support requests.

That’s not cosmetic improvement. That’s operational cost reduction.

According to Gartner, password-related issues can account for up to 50% of helpdesk calls in some organizations. Reducing identity friction directly reduces IT overhead.

We’ve seen this repeatedly across projects.

Pro Tip: Invest in Admin UX

Most companies optimize customer login.

Almost no one optimizes the admin side.

That’s where massive efficiency gains hide.

3. Secure Impersonation for Support

Support teams sometimes need to see what users see.

But giving broad access? Dangerous.

We implemented controlled impersonation with strict security boundaries.

Better support experience.

No compromised controls.

Balanced systems always win.

4. MFA Without Annoying Everyone

Security was non-negotiable.

But let’s be honest — bad MFA implementations kill UX.

We designed a balanced approach:

One-time verification when logging in from a new device
Trusted devices don’t trigger repeated prompts

Security improved.

User friction stayed low.

Wow, I love this approach when it works cleanly.

Pro Tip: Smart MFA > Aggressive MFA

Challenge users only when risk changes.

Don’t punish them for logging in every day.

The Business Impact

Here’s what changed after launch:

4 brands unified under one identity backbone
2–3× faster onboarding of new products
30–40% reduction in login-related support tickets
Clean AWS-based separation between environments

But here’s the bigger shift:

Identity stopped being a blocker.

It became an enabler.

What You Can Apply Today

If you're scaling digital products, ask yourself:

Do we have one identity system or many?
Are admin tools helping or slowing support?
Are we locked into a vendor model that limits flexibility?
Is MFA increasing trust — or increasing frustration?

If your login architecture feels fragile, don’t wait.

Identity debt compounds faster than technical debt.

And fixing it later? Much more painful.

If you want to modernize your authentication stack — whether with Keycloak or another approach — start by treating identity like infrastructure.

That’s the shift that changes everything.

Ready to Fix Your Identity Layer?

If your team is juggling multiple products, brands, or rising security demands — let’s talk.

At Perfsys, we design and modernize identity platforms on AWS, from Keycloak customization to full SSO architecture.

No vendor lock-in. No overengineered fluff. Just systems that scale.

From Azure to AWS: Building a Secure, Automated Cloud for a Growing SaaS

Eugene Orlovsky — Mon, 18 Aug 2025 11:08:04 +0000

How We Migrated a B2B SaaS from Azure to AWS (and Automated CI/CD Along the Way)

Moving clouds isn’t always sunny skies 🌩️➡️☀️.

Recently, our team at Perfsys worked with a fast-growing B2B software company that decided to shift their infrastructure from Microsoft Azure to Amazon Web Services (AWS).

The goal? Build something scalable, SOC2-ready, and developer-friendly — without slowing down releases.

Here’s how we tackled it 👇

The Situation

The company had built their platform entirely on Azure (AKS, Cosmos DB, Azure Pipelines, etc.).

It worked fine during early development, but cracks started to show:

Environment isolation was unreliable.
CI/CD pipelines were fragmented.
Secrets management wasn’t great.
Monitoring and compliance checks required a lot of manual effort.

As they prepared for a public launch (and SOC2 audit), it became clear: they needed a more structured, automated, and secure setup.

The Game Plan

We broke the migration into five phases, each focused on clear deliverables:

📌 AWS Organization Schema

A multi-account AWS layout with IAM Identity Center (SSO), centralized logging, and SOC2 guardrails.

Discovery & Planning
- Mapped dependencies, reviewed CI/CD, and built a migration roadmap.
AWS Foundation Setup
- Created separate accounts (prod/stage/dev).
- Set up SSO, centralized logging, and compliance controls.
Infrastructure as Code
- Deployed VPC, subnets, RDS (PostgreSQL), S3, ALBs — all through Terraform.
CI/CD Automation
- Connected existing Azure pipelines to AWS ECR + ECS.
- Built a hybrid pipeline with secure secrets handling.

📌 CI/CD Pipeline Overview

From Git commit → Docker build → ECR → ECS deploy.

Production Deployment
- Rolled out services behind VPN-only access.
- Added image promotion and safe deployment policies.

The Outcome

By the end of the project, the company had:

✅ A SOC2-ready AWS setup with centralized logging and access control.

✅ Fully automated CI/CD pipelines across dev, staging, and production.

✅ Secure, private infrastructure with VPN-only access.

✅ Reproducible environments (Terraform-powered).

✅ Reduced ops overhead via container orchestration and autoscaling.

Most importantly, developers could spin up and tear down environments at will, test faster, and ship with confidence 🚀.

Key Takeaway

Cloud migrations don’t have to be painful. With the right structure, automation, and security guardrails, you can move fast without breaking things — or compliance.

👉 Curious how this might work for your own team?

Check out perfsys.com to see how we help companies scale smarter in the cloud.

DEV Community: Eugene Orlovsky