Industry: Financial Services | Region: South Africa & Netherlands
Synthesis Software Technologies is an AWS Premier Tier Partner specializing in high-stakes "Code, Cloud, and Data" solutions. For over 20 years, they have solved complex technology challenges for the financial sector, including all major banks in South Africa and several global investment firms.
When a significant South African investment management firm needed to retire its aging authentication infrastructure, they turned to Synthesis to build a foundation that could meet the rigorous security and regulatory demands of modern finance.
The Challenge: Beyond Cookie-Based Security
The existing infrastructure relied on a legacy, cookie-based authentication platform. While it had been functional for years, it had become a liability in a cloud-first world. The system lacked native support for modern API architectures, struggled with standards compliance, and created integration bottlenecks that restricted the firm's ability to innovate.
The objective was clear: transition to a secure, token-based identity platform that supported OAuth 2.0 and OpenID Connect, enabled flexible multi-factor authentication (MFA), and could scale reliably within a cloud-hosted SaaS model. Because this transition involved sensitive financial data, avoiding user disruptions and security regressions was non-negotiable.
Non-negotiable Requirements:
- Transition from rigid cookies to flexible, token-based identity (OAuth 2.0/OpenID Connect)
- Implement a scalable, SaaS-hosted model without disrupting existing users
- Enable complex, multi-factor authentication (MFA) journeys
- Maintain the strict security posture required by financial regulators
The Solution: Control-Centric Identity Infrastructure
Having pioneered some of the first SSO experiences in South Africa, the Synthesis team understood that financial services require more than just "off-the-shelf" identity. They needed a solution that offered deep architectural control.
Synthesis had previously leveraged IdentityServer4 and made the strategic decision to transition to Duende IdentityServer early in its lifecycle.
By using Duende as their identity infrastructure, Synthesis was able to:
- Decouple Identity Logic: Use Duende's standards-compliant framework to handle the complexities of the OpenID Connect (OIDC) protocol while focusing on the client's specific business requirements.
- Accelerate Engineering: Leverage Duende's Quick Start guides and structured configuration model to move from concept to production faster than building from scratch.
- Enable Cloud-Native Scaling: Deploy a lightweight, stable, and highly available solution optimized for their AWS-hosted SaaS environment.
Evolving Security and Standards Compliance
In the financial sector, stability is the ultimate metric. The modernized platform has run in production for nearly three years with exceptional reliability.
By adopting a token-based architecture with Duende, Synthesis helped its customer eliminate the risks associated with legacy session patterns. The transition to OAuth 2.0 was entirely seamless from the customer's perspective, reinforcing the firm's security posture without impacting the user experience.
A Partnership Built on Responsiveness
Building enterprise-grade identity often involves navigating technical nuances. During the implementation phase, Synthesis encountered a licensing configuration issue. The Duende team responded immediately, resolving the bottleneck efficiently and ensuring the project remained on schedule. This level of direct engineering support is a hallmark of the Duende experience, enabling partners such as Synthesis to deliver with confidence.
Results and Future Outlook
Today, the investment firm benefits from a fully compliant, OIDC-certified identity layer that simplifies API integration across its entire distributed system. The solution is not only secure but maintainable, allowing the client to evolve its digital offerings without being constrained by its identity stack.
"Duende has been incredibly easy to build, maintain, and scale for our cloud-hosted SaaS solution, and we have been thoroughly impressed with the responsiveness from the team."
— Dean Maier, Head of Cloud, Synthesis Software Technologies
As Synthesis continues to modernize legacy systems for global financial institutions, Duende IdentityServer remains a core component of their architectural toolkit — providing the balance of standards-based security and developer flexibility required for the modern enterprise.
Lessons for Other Duende Customers
When evaluating the market against heavyweight SaaS providers, Duende stood out for its architectural control and extensibility. Synthesis didn't reinvent the wheel; they leveraged Duende's extensibility rather than building custom identity logic from scratch.
Duende's Strategic Advantages:
- Standards-First Architecture: Full, certified support for OAuth 2.0 and OIDC.
- Engineering Velocity: Duende's Quick Start guides bypass boilerplate and focus on custom business logic.
- Developer Experience: Clear documentation and a structured configuration model allowed the team to build highly specific authentication journeys.
- Licensing Clarity: A straightforward annual model that provides enterprise-grade support without the hidden "monthly active users" costs often found in other CIAM tools.
Benefits Realized:
- Security: Drastically reduced risk by eliminating legacy cookie patterns.
- Compliance: Full alignment with OAuth 2.0 and OpenID Connect standards.
- Integration: Simplified API connectivity across the entire cloud ecosystem.
- Infrastructure: Lightweight, scalable footprint optimized for AWS.
- Uptime & Trust: 3 years of high stability and operational reliability in production.