
Accounto implements Auth0 for highly secure and uncomplicated access management. In this blog post, you will learn what Auth0 is all about and how your trust company can benefit from the authentication and authorization platform.

Personal data on religious, ideological, political or trade union views and activities as well as data on health status, sexual orientation, receipt of social assistance and data on administrative and criminal prosecutions or sanctions are considered particularly worthy of protection under Swiss data protection law. A breach of data security can sometimes have serious consequences for the person concerned.

Thousands of fiduciaries in Switzerland work with personal data such as wages, social security numbers and information on contributions to political parties from private individuals or individual companies on a daily basis. In payroll accounting, they also see when employees of a company they look after receive sick pay, are on maternity or paternity leave, get married or move. Fiduciary companies must take appropriate technical and organizational measures to protect personal data from unauthorized access, leaks and loss. Fines of up to CHF 250,000 may be imposed for willful violation of the Data Protection Act.

Reading tip: In this blog post, you can read what the completely revised Data Protection Act, which has been in force since September 1, 2023, means for your fiduciary company.

Trust companies rely on highly secure and simple access management

With data protection-compliant fiduciary software such as Accounto, fiduciary companies can store and process all data on a secure platform. As the manager, you define the access rights so that you have complete control over who can view and edit which data. Accounto now offers user identification via Auth0. This authentication and authorization platform enables login and access management that is precisely tailored to the needs of Swiss fiduciary companies. The security of data and applications is a top priority for Auth0, and the platform is also suitable for projects with increased data protection or compliance requirements.

The following sections will give you an overview of Auth0.

How does Auth0 work?

Software providers such as Accounto integrate Auth0 into their application to enable communication between the software and Auth0. In concrete terms, this means that for users who are registered with Accounto, we send a request to Auth0 to create a profile for them, but only with the data required for authentication (not the complete user profile). If users want to log in or register with Accounto after the integration, this request is promptly forwarded to Auth0. Auth0 then processes the login information and, if authentication is successful, returns a token that confirms the identity of the user. In the case of Accounto, this is a one-time code sent to the registered email address. Auth0 therefore uses tokens to manage authorization. These include the ID token, which identifies users, and the access token, which allows access to protected resources.
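The split between ID token and access token described above matters at the point where a token is checked. The following is an added example (not Accounto's or Auth0's code) that verifies a signed token and rejects an ID token presented where an access token is expected. The issuer, client ID, API audience and the HS256 shared secret are constructed assumptions that keep the example self-contained; a real deployment would verify against the issuer's published signing keys.

```python
import base64, hashlib, hmac, json, time

# All values are constructed for this example (assumptions, not real Accounto/Auth0 settings).
ISSUER = "https://tenant.example/"       # hypothetical token issuer
CLIENT_ID = "demo-client-id"             # audience of ID tokens: the application itself
API_AUDIENCE = "https://api.example/"    # audience of access tokens: the protected API
SECRET = b"demo-signing-secret"          # HS256 shared secret, demo only

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict) -> str:
    """Build a compact HS256 JWT (stands in for the issuer in this demo)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    mac = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(mac)}"

def verify(token: str, expected_aud: str, now=None) -> dict:
    """Return the claims only if alg, signature, iss, aud and exp all check out."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64d(head)), json.loads(b64d(body))
        given = b64d(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("not JSON objects")
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":     # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, given):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")   # e.g. an ID token sent to the API
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    id_token = sign({"iss": ISSUER, "aud": CLIENT_ID, "sub": "user-1", "exp": time.time() + 600})
    print(verify(id_token, CLIENT_ID)["sub"])    # the application accepts its own ID token
```

The audience check is what keeps the two token types apart: the application accepts only tokens issued for its client ID, and the API accepts only tokens issued for its own identifier.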

What makes the use of Auth0 attractive for end users?

In contrast to many conventional authentication solutions and tools, Auth0 supports single sign-on, which is sometimes translated as “one-time login”. This means that users only have to log in once to access several applications used in their day-to-day work – including Accounto as of now. Single sign-on not only ensures greater user-friendliness, but also reduces the risk of lost passwords and significantly simplifies the entire identity management process.

How does Auth0 differ from two-factor authentication?

In practice, Auth0 and two-factor authentication, where software providers protect logins to their application by verifying two factors such as a desktop app and a smartphone, are often used together. Two-factor authentication can be implemented as one of the functions that Auth0 supports. However, Auth0 offers a much broader range of identity management features.

Auth0 enables the implementation of multi-factor authentication to add additional layers of security. This can be a password, a link to a mobile device for an authentication code or biometric data. The option of reliable multi-factor authentication is beneficial for industries where additional data and login security is required, such as trust services.

How does Auth0 deal with suspicious logins?

Detecting deviating behaviour patterns, monitoring login activities or calculating potential risks using risk scoring: Auth0’s great flexibility means that the authentication and authorization platform can be configured to handle potentially suspicious login attempts in a way that fully meets your security requirements. Find out now in a no-obligation consultation how Auth0 and Accounto can make access management in your trust company more secure and simpler.