Identity-as-a-service provider Auth0 raises $120 million at a $1.92 billion valuation

Bellevue, Washington-based identity-as-a-service startup Auth0 today announced it raised $120 million at a post-money valuation of $1.92 billion, up from $1 billion in May 2019. A company spokesperson said the funds, which bring Auth0’s total raised to over $330 million, will be put toward R&D and go-to-market expansion efforts.

Online data breaches are on the rise, and it’s no great mystery why. In a recent survey conducted by LastPass, 59% of respondents said they reused passwords across multiple accounts, and more than half said they hadn’t changed their password in the past year. About 95% of cybersecurity breaches are attributable to human errors like these, and malicious hackers are taking full advantage. It’s estimated that there’s a cyberattack every 39 seconds on average.

Auth0’s identity platform suite, which can be deployed in the cloud, supports single sign-on (SSO) through a universal flow that directs users to a centralized authorization server. If all else fails, the company detects password compromise in real time by checking against a database of “hundreds of millions” of breached credentials. Affected users are notified automatically via email or text, and Auth0 gives admins the option of preventing access until after they reset their passwords.

Auth0 boasts integrations with popular platforms and protocols like G Suite, Microsoft’s Azure Active Directory and Active Directory Federation Services (ADFS), Lightweight Directory Access Protocol (LDAP), and even Facebook, Twitter, WordPress, GitHub, and PayPal. Its account-linking feature can consolidate duplicate user names across providers, and Auth0 allows customers to customize the authentication experience with custom-branded domains and a web and mobile login widget — Lock — that can be embedded within apps.

On the management side of things, Auth0’s dashboards afford control over user account provisioning (and deletion), permissions, and identity providers and offer full visibility into authentication, device, login history, and location logs for auditing and debugging. Moreover, the company delivers tools that surface data for personalized user targeting and that enable control over features like social logins, multi-factor authentication, and anomaly detection on a per-app basis.

Auth0’s other spotlight services include a powerful rule builder that automates things like verification emails and app authentication. The company’s Passwordless widget lets users login without a password via SMS or email, and its Guardian app for iOS and Android enables them to authenticate themselves or deny login requests with the tap of a button.

Auth0 isn’t alone in an identity and access market that’s anticipated to be worth $22.68 billion by 2025. New York-based Socure nabbed $30 million in February 2019 for its cloud-based identity verification and fraud prevention solution. Global identity verification provider Onfido raised $50 million just last April, and troubled identity management firm Jumio recently found more stable footing and launched a new authentication product. More recently, identity and credentials verification firm Evident raked in $20 million.

But Auth0 asserts that rivals lack its scale and robustness. The company claims to have prevented over 1.3 million malicious logins to date with 99.9% uptime, and it handles between 80 million and 1 billion transactions every day and more than 4 billion logins per month (an increase from 2.5 billion in May 2019 and 1.5 billion in May 2018). Current and past high-profile customers include Mozilla, PBS, Arduino, Atlassian, Siemens, Nvidia, Harvard Medical School, News Corp, HarperCollins, Mozilla, Nando’s, Talbots, AMD, Nvidia, Tableau, Schneider Electric, and over 9,000 others in more than 70 countries.

With an eye toward growth, Auth0 late last year opened an office in Singapore to serve as an operations hub for customer acquisition and support in Southeast Asia. In March, the company acquired Apility.io, an anti-abuse API company Auth0 says will help bolster its security strategy to protect against automated cyberattacks. And just this spring, Auth0 hired former AWS channel head Jason Teo to lead its efforts in the Asia Pacific region.

Salesforce Ventures led this series F round in Auth0, with participation from DTCP as well as Bessemer Venture Partners, Sapphire Ventures, Meritech Capital, World Innovation Lab, Trinity Ventures, Telstra Ventures, and K9 Ventures. The company now employs around 650 people (up from 475 as of last May) across its Bellevue, Washington headquarters and offices in Buenos Aires, London, Sydney, and Tokyo.