Introducing the next era of Duende IdentityServer.

Read our CEO’s announcement

Effectory

Learn how Effectory, Europe's leading employee feedback platform, uses Duende IdentityServer to power a highly customized identity layer for 3.1 million users across 260+ federated organizations.

  • Region: Netherlands (Amsterdam & Munich)
  • Industry: HR Technology / Employee Experience
This is the Effectory logo

Effectory is Europe's leading employee feedback solution. Built on more than 25 years of experience, the company's platform helps over 1,200 organizations in 110 countries listen to their people, turning employee feedback into people analytics that drive engagement, retention, and productivity.

Behind that platform sits an identity system that has to do something genuinely difficult: serve millions of survey respondents who may only sign in once, while simultaneously protecting the HR administrators, managers, and consultants who handle deeply personal employee data. Effectory built that system on Duende IdentityServer and has been quietly evolving it for nearly a decade.

The Challenge: One Identity Layer, Many Very Different Users

Effectory's product surface spans a wide spectrum of user types. On one end are the millions of employees who fill in surveys about their employers, often touching the platform only briefly. On the other end are the HR leads, managers, and Effectory's own staff who configure those surveys, view dashboards, and historically, have handled personally identifiable information ranging from email addresses to home addresses.

A single, off-the-shelf identity flow couldn't reasonably serve both. Effectory needed an identity platform that could:

  • Centralize authentication across a large catalog of internal and customer-facing applications
  • Federate with hundreds of customer tenants via SSO, primarily through Azure
  • Apply MFA selectively, based on role, organization, and the sensitivity of the data being accessed
  • Support custom login flows, custom branding, and home-realm discovery from a single sign-in domain
  • Scale to millions of users without forcing every login through expensive runtime lookups

The team also wanted something they could own architecturally — not a SaaS identity provider that would dictate UX or limit how deeply they could customize flows.

The Solution: A Customized IdentityServer Deployment, Maintained In-House

Effectory originally adopted IdentityServer4 during its open-source era and transitioned to Duende IdentityServer when the commercial license was introduced. The product was already deeply integrated into the platform and the team had built enough custom logic on top of it that staying with Duende was the clear path forward.

Today, Effectory's identity platform branded internally as "Sign In" and hosted on its own domain handles:

  • 3.1 million registered users, with roughly 240,000 active sign-ins in the last six months
  • 260 SSO configurations, predominantly Azure-federated customer tenants
  • 130 configured client applications, spanning customer-facing products, internal tools, Swagger/API portals, and test environments
Effectory’s Login UI
Effectory’s Login UI

Jimmy van den Berg, a Tech Lead at Effectory who has been involved with the identity platform for nearly a decade, leads the scrum team responsible for authentication and authorization. Adding new clients and SSO configurations is a routine, well-documented task that anyone on the team or even support can handle. But the deep extensibility work tends to live with Jimmy and one other colleague. Here are a few customizations Effectory has built on top of Duende IdentityServer:

  • Custom login UI and flows, designed and maintained in-house
  • Home-realm discovery, routing users to the correct SSO configuration based on the email address they enter
  • MFA enforcement via email
  • Password validation via Have I Been Pwned (HIBP) integration
  • Dynamic claims for internal staff, pulled from Microsoft Graph and Entra ID at sign-in to drive downstream authorization
  • Group-based client access automation, so IT can grant access by simply adding someone to an Entra group
  • A self-service portal that lets customers configure client and authorization settings themselves
  • An event pipeline that publishes sign-in and organization-membership events to downstream systems

Tiered MFA, Driven by Role and Organization

One of the more nuanced parts of Effectory's deployment is how it decides who needs MFA and when.

Some users are required to use MFA, with no opt-out, like Effectory employees, HR administrators with access to personal data. Others, such as customer organizations whose users only fill in surveys, can choose whether MFA is required for their people. Certain roles are locked to MFA-on regardless of customer preference; for others, the customer organization controls the toggle.

Rather than running all of this logic at sign-in time, which would degrade the login experience, Effectory does the heavy lifting in the background. Functions running outside the hot path evaluate each user's role, organization membership, and the relevant organization-level MFA settings, then write a simple flag onto the user. By the time someone authenticates, IdentityServer just needs to read that flag.

It's a pattern that scales cleanly to millions of users without sacrificing security policy granularity, and it's only possible because Duende IdentityServer is extensible enough to let the team plug their own logic in wherever it's needed.


Effectory’s multi-factor authentication settings
Effectory’s multi-factor authentication settings

Why Effectory Stays on Duende

With license renewal coming up, Effectory's team evaluated whether to stick with Duende or migrate elsewhere. The conclusion was straightforward: the value of what they've built on top of Duende, combined with the product itself, makes staying the right call.

A few things stood out:

Documentation that actually carries the team. Jimmy described Duende's documentation as "extensive" and noted that when something isn't covered, the support team responds quickly. The team doesn't need to lean on support often, but they know it's there.

Standards parity, without the team having to think about it. New specs, new flows, new functionality arrive through routine updates. As Jimmy put it, the team doesn't have to bother with protocol-level concerns: they just update and get "all these fancy new functionalities."

Extensibility that doesn't fight the team. Effectory's identity platform is full of exception cases: specific roles, specific organizations, specific flows. That kind of customization is exactly what would be impossible (or painful) on a more opinionated SaaS identity provider. With Duende, the team writes the logic they need and IdentityServer gets out of the way.

Investment compounds. Years of custom flows, custom UI, dynamic claims, and event pipelines aren't easily portable. For Effectory, that isn't lock-in in a negative sense. It's accumulated value that would be wasteful to throw away.

A Quiet Kind of Success

Effectory's story isn't a dramatic migration narrative. There's no production crisis, no failed alternative, no last-minute rescue. It's something rarer in enterprise identity: a system that has worked, predictably, for the better part of a decade — to the point that the team can spend their attention on the business problems that actually move the product forward. The platform handles authentication; the team handles the product.

That's the bar Duende aims to clear: identity infrastructure that's invisible when it should be, and extensible when it needs to be.

Lessons for Other Duende Customers

Effectory's experience illustrates a few patterns that translate well to other organizations running customer-facing identity at scale:

  • Push expensive decisions out of the login hot path. Effectory pre-computes MFA requirements asynchronously so that sign-in stays fast, even as policy complexity grows.
  • Lean on Duende for the protocol, own the experience. Effectory built their own login UI, branding, and home-realm discovery on top of Duende's standards-compliant core, rather than fighting a vendor's defaults.
  • Treat customizations as a competitive moat, not a liability. Years of investment in flows, claims logic, and event pipelines become part of the product and Duende's extensibility makes that investment safe.
  • Use the documentation. For Effectory, Duende's docs are the primary onboarding path for new team members touching the platform.

Benefits Realized:

  • Scale: ~3.1M registered users and ~260 federated SSO configurations on a single platform
  • Customization: Custom login flows, MFA logic, dynamic claims, and self-service customer configuration
  • Maintainability: A small team of six people, with deep expertise concentrated in two, keeps the platform running
  • Standards Compliance: Continuous alignment with OAuth 2.0, OIDC, and emerging specs through routine updates
  • Team Focus: Identity "just works," letting engineering attention go toward customer-facing features