Kiva scales its business securely while keeping its engineers focused on its core mission
lines of code supporting Kiva’s custom social media integration eliminated reducing the application footprint and maintenance time
months faster time to market on new features and products
"As a non-profit, we’re always stretched for resources. We want to make sure that the things we invest in are making a difference with the donations we’ve been entrusted with."
Nathan George, Senior Director of Engineering for Business Experience
Founded in 2005, Kiva makes it possible for individuals and corporations to improve global economic equality by providing affordable micro-loans to individuals and communities otherwise ignored or unserved by traditional banking institutions.
Since its launch, the nonprofit has grown in scale and complexity, as it tries to achieve the largest possible social impact. In 2021, Kiva provided $224m in funding for more than 470,000 borrowers across 65 countries. According to its most recent report, 80% of micro-loans go to female borrowers, and 62% to those living in rural regions. The organization has also expanded its operations to include borrowers in the US, and has built technologies to facilitate corporate philanthropy through its platform.
As a non-profit, Kiva operates on a shoestring budget, spending just $38.6m on operational expenses in 2021. Compare that with HSBC, a global banking giant, which spent $6.1bn on technology in the 2022 financial year alone. And yet, it must still abide by industry security and compliance rules, while also looking for ways to increase the number of corporate and individual lenders in its network.
Additionally, Kiva’s growing popularity and success means it now engages with a diverse array of personas, each with unique technical needs. Its lending partners, which provide the “last mile” in the financing chain, need secure access to certain Kiva apps and systems. Businesses using Kiva as part of their corporate philanthropy efforts might ask for SSO (single sign-on) integration.
And finally, there are the lenders on Kiva.org providing funding for a student or entrepreneur, as well as borrowers in the US, who can now use Kiva to access capital at affordable rates.
Workforce Identity Cloud and Customer Identity Cloud: A single-vendor identity strategy
To help meet these challenges, Kiva turned to Okta. In 2015, it deployed Okta’s Workforce Identity Cloud solution, allowing its employees to easily and securely access the apps they need, no matter where they live. The relationship deepened in 2021, when Kiva chose Auth0 (now Okta Customer Identity Cloud) as its preferred CIAM (Customer Identity and Access Management) system, bolstering security and usability in the process.
As Nathan George, Senior Director of Engineering for Business Experience at Kiva, explained, this long-standing relationship has helped Kiva accelerate its technological evolution and embrace new opportunities to advance its mission.
Like many organizations with a long and established history, Kiva launched with a home-built identity system. For years, it served the company well, but as the company’s scale and impact grew, its limitations became more apparent. As George explained, Kiva needed something that was standards-compliant, would remain up-to-date as the industry evolved, and would help the organization effectively use its limited resources.
“As a non-profit, we’re always stretched for resources. We want to make sure that the things we invest in are making a difference with the donations we’ve been entrusted with,” he said.
With Okta’s workforce platform, Kiva ensures its employees and external partners have the access they need, while simultaneously improving security and reducing Helpdesk tickets. As George explained:
“Our team is distributed, and so are our partners. A simple authentication hiccup can be a big deal if you’re working as asynchronously as we are. Reducing login friction makes it easier for people to participate in the work we do, and Okta’s world-class integration tools mean we can integrate single sign-on (SSO) into more places."
“When someone encounters a problem, it doesn’t feel like a big deal because they’re using the familiar login flows that they see everywhere else. Okta’s reduced the number of identity-related support cases, and we spend less time dealing with things like password resets and rotations,” he added.
Simpler integrations and developer efficiency
Okta Customer Identity Cloud, was designed for developers, by developers. Since its arrival at Kiva, the organization has been able to accelerate its identity roadmap by a significant factor, introducing new features and technologies that otherwise would require weeks — if not months — of developer time.
“We just moved our authentication profiles from SAML to OpenID Connect. Truthfully, we expected it to be a difficult process, having worked on similar SSO integration projects in the past. There’s a lot of challenges you have to work through — a lot of configuration settings to fiddle — before it all works. But Okta was different,” George said.
“Our developer switched over the configuration profile in the test environments and it just worked. It was a great library experience, and it opened up a lot of new SSO integration possibilities that we were able to do with our corporate impact partners, because we can turn on and expose authentication through their SSO systems.”
Supporting this move to building efficiency through solving issues with minimal engineering effort, Customer Identity Cloud has delivered many times. Kiva’s team tackled the growing problem of credential stuffing attacks by deploying the built-in protection offered by Okta rather than building a solution themselves, saving significant engineering effort while boosting their defenses against an increasingly challenging problem.
In the months following its deployment, Customer Identity Cloud allowed Kiva to eliminate over 22,000 lines of code that supported its custom social media integration, reducing the application footprint and the amount of maintenance time needed for Identity-related systems. Later, when the team needed to add more social media integrations, they once again turned to Okta-provided, built-in solutions. For example, when an opportunity arose requiring AppleID, the Customer Identity Cloud AppleID integration was up and running in minutes, and the team was freed from having to build anything themselves.
Okta has delivered long-term benefits, too. By using an Identity solution that’s geared to the developer experience, Kiva has reduced the time-to-market for new features and products by up to three months. It has also delivered significant time savings because Kiva relies on multiple aspects of the Okta solution rather than building and maintaining these themselves, including core identity management, JWT management, social media integration, and identity security measures such as MFA, captchas, credential stuffing protection and suspicious login/registration protection.
Identity leads the way
Kiva sees Identity as a strategic component of its future roadmap, and Okta is proud to play a role in advancing its scaling impact. In just a few years, the organization has been able to build an SSO strategy that facilitates corporate donations and engagement, and the advanced security features in Okta’s customer identity and workforce products has helped it contend with Identity-related threats.
It plans to expand upon that early success, with usability a key theme in its future plans. Right now, it’s looking at opportunities to further eliminate authentication friction from its login and sign-up flows, thereby making it easier for people to engage and make life-changing loans to those living in the most economically challenged countries.
Kiva is also looking at ways for people to connect their personal accounts with their workplace credentials, so they can keep track of the people they’ve funded, even if they’ve changed jobs.
“Being able to bring those personas together is so important,” said George. “It means you can take the good that you’re doing in your community and bring it to your workplace, and vice versa.”
About Customer
More than 1.7 billion people around the world are unbanked and can’t access the financial services they need. Kiva is an international nonprofit, founded in 2005 in San Francisco, with a mission to expand financial access to help underserved communities thrive.
We do this by crowdfunding loans and unlocking capital for the underserved, improving the quality and cost of financial services, and addressing the underlying barriers to financial access around the world. Through Kiva's work, students can pay for tuition, women can start businesses, farmers are able to invest in equipment and families can afford needed emergency care.
Kiva is an Okta for Good customer. Okta for Good mobilizes our most valuable resources—our people, our products, and our dollars—to support nonprofits in communities around the world. Learn more about our additional support and preferential pricing here.