About commercetools
commercetools powers the commerce engines of the world’s leading enterprises. Built to meet the evolution of modern commerce, their platform is rooted in composable architecture, giving enterprises the agility to scale smarter, unify experiences, and adapt for an agentic future that’s already here.
The Problem: Fragmentation and Security Challenges
As a major commerce platform operating across multiple cloud vendors and global regions, commercetools experienced rapid growth that introduced significant additional requirements into their identity management system.
- Fragmented User Experience: Historically, commercetools developed an identity solution where each product had its own way of authenticating and its own set of users. This forced their enterprise business users to maintain multiple, duplicate accounts across different products (like the Merchant Center administrative UI or commercetools Frontend), leading to a poor user experience.
- Legacy SSO Limitations: The company had implemented its own custom-built solution for B2B Single Sign-On (SSO) integration for some customers. This custom solution relied heavily on the implicit flow and had numerous limitations, particularly as only one product offered this SSO functionality, leaving users of other products without the option.
- Security and Modernization Gaps: The existing solution lacked support for modern, secure authentication methods, such as Multi-Factor Authentication (MFA) and passwordless login. Recognizing that authentication and security were not their core expertise, commercetools sought a well-established, secure solution to replace their custom systems.
- High Availability and Regional Requirements: Operating globally, commercetools required a new identity provider that could handle their high-availability demands and meet complex, multi-region data residency requirements (e.g., ensuring EU data stays within the EU).
We simply grew beyond handling identity ourselves. Authentication and security are critical, but since we are not domain experts in implementing those systems, we wanted to rely on a good and well-established solution. We didn't want to reinvent the wheel.
- Nicola Molinari, Staff Engineer, commercetools GmbH
The Solution: Adopting Ory for Modern Identity
Commercetools chose Ory as their new identity management solution to achieve a single, secure, and flexible user experience for their 20,000+ monthly enterprise business users.
Strategic Selection
After evaluating several options, including Auth0, Ory was selected due to several key factors:
- Multi-Region Matching: Ory’s setup, which supports distinct environments in Europe, the US, and Asia, was a good match for commercetools' existing multi-regional deployment, helping them meet crucial data privacy and residency obligations.
- Headless UI Flexibility: The "bring your own UI" (headless) feature was a big factor, allowing commercetools to build a fully custom-built UI that met their product and UX requirements, while relying on Ory's APIs to manage the user flows. As a result, commercetools was able to provide a new central Identity service to be seamlessly integrated with the different business tools.
- Open Source Core: Ory's open-source foundation gives commercetools full visibility into the codebase, enabling independent security audits and code review. It also provides a self-supported fallback path, reducing vendor lock-in risk.
Data residency isn't optional for us. Ory Network's ability to run in separate regions gave us confidence that we could meet our data privacy obligations. Ory Network's regional deployment model made that straightforward.
- Nicola Molinari, Staff Engineer, commercetools GmbH
Implementation & Support
The commercetools team successfully implemented Ory, finding the consumption of the APIs and service to be "fast to implement" and straightforward. The Ory team provided extensive support, particularly in designing and building out specific B2B SSO features to unblock their business needs.
Future-Proofing Security
Ory's platform immediately enabled the future adoption of advanced security and authentication features, including MFA, passwordless, and future standards like FIDO2/Passkeys (Pesk), which were critical for a strategic security upgrade.
The fact that you provide a headless UI was a big factor for us. We had special product and UX requirements and needed the flexibility to implement our own custom UI and validation logics.
- Nicola Molinari, Staff Engineer, commercetools GmbH
The Results: Streamlined Operations and Enterprise-Grade Experience
The migration to Ory delivered immediate, measurable benefits for both commercetools' developers and their enterprise customers.
- Seamless Single Sign-On (SSO): The primary goal of a single sign-on experience across all commercetools products was achieved. Customers no longer have to manage multiple accounts, and the new B2B SSO functionality is straightforward to configure and use, providing a better overall experience.
- Unblocked Enterprise Features: The Ory solution eliminated limitations from the previous custom SSO integration. SSO is now available across all products, which was a big win, and the new flow can leverage the email domain for a smoother user experience, something the old system could not do.
It was a big win for us to unblock the future - we now have the option to enable multifactor authentication, passwordless login, and other features like SCIM to improve security.
- Nicola Molinari, Staff Engineer, commercetools GmbH
- Improved Developer Velocity and Maintainability: By relying on Ory, commercetools avoids the need to reinvent the wheel and maintain their own identity system, saving significant time and resources. The learning curve for developers getting involved in the project was easy, and new products can now be stood up quickly, realizing a huge time savings versus building identity in-house.
- Future-Proof Security Roadmap: While commercetools initially maintained existing authentication methods during the migration, the new platform is a launchpad to enable enhanced security for their business users, with plans to roll out MFA and explore features like SCIM for automated user provisioning.
I definitely would recommend Ory. As a developer, it's a very good product. The developer experience makes it easy to get started but also to customize things as needed.
- Nicola Molinari, Staff Engineer, commercetools GmbH
