Authlete Adopted by JIJ to Build a New Authentication and Authorization Platform Meeting Strict Security Requirements

Authlete Inc. announced that JIJ Inc. has adopted its OAuth and OpenID Connect (OIDC) backend service, Authlete. JIJ provides JijZept, a mathematical optimization development platform that uses quantum computers and AI. By enabling large-scale optimization calculations, JijZept supports problem-solving in social infrastructure fields such as energy, transportation, logistics, and manufacturing. JIJ adopted Authlete as part of a renewal of the authentication and authorization foundation for its own services. The adoption helps reduce the operational effort required to meet customers’ extremely strict security requirements, while enabling JIJ to build a highly extensible authentication and authorization platform that can flexibly respond to service pivots. JIJ’s main customers are companies that support social infrastructure, especially departments requiring high confidentiality, such as core operations, research and development, and business promotion. In providing its services, JIJ must meet extremely strict security requirements, including outbound communication whitelist restrictions and ensuring domestic data residency. Previously, JIJ’s authentication and authorization platform was built on AWS and used Amazon Cognito as its identity provider. However, for each new customer deployment, reflecting Cognito-specific communication requirements in security check sheets and obtaining customer approval created a significant burden. In addition, as JIJ uses Google Cloud for its service infrastructure, continuing to maintain only the authentication and authorization platform on AWS became an issue in terms of optimizing engineers’ learning costs and operational maintenance costs. JIJ therefore decided to build a new authentication and authorization platform on Google Cloud. For the new platform replacing the legacy system, JIJ defined several mandatory functional requirements in order to meet customers’ strict security needs and improve operations: automation of user provisioning and management workflows, use of custom domains and implementation of a proprietary login screen, and thorough enforcement of domestic data residency. To minimize the required human resources, JIJ also decided to use fully managed services. Based on these requirements, JIJ adopted Authlete for the core OAuth/OIDC processing. Authlete provides OAuth and OIDC protocol processing and token management functions as Web APIs. By using these APIs, JIJ can externalize the development and operation of OAuth/OIDC processing while retaining full control over data storage locations, domain settings, login screens, password settings, and related elements. It also became possible to customize the platform according to customer requirements. Authlete faithfully complies with OAuth/OIDC standards, enabling JIJ to clearly explain specifications and functions to customers and reduce the effort needed to address security requirements. Authlete’s extensive functions can also be easily expanded and modified through its management console, allowing rapid response to new requirements. This flexibility matched JIJ’s needs as a startup whose growth involves service expansion and pivots. With support from Instiny, a system development company familiar with Authlete, JIJ built the new authentication and authorization platform. The process from requirements definition to verification of the new system was completed in about three to four months. During the build, JIJ’s service pivot changed the relying party to JijZept IDE, but because Authlete ensured compliance with OAuth/OIDC specifications, JIJ was able to smoothly respond to the change in integration requirements. Yoshimi Sakamoto, software engineer on JIJ’s Software Development Team, commented that by adopting Authlete and building a new authentication and authorization platform implementing OAuth 2.1/OIDC specifications, JIJ significantly reduced the effort required to meet customer security requirements. Because the platform faithfully implements standard specifications, even when a pivot changed the connected service, JIJ was able to respond quickly with only minor additional configuration. He also expressed expectations for Authlete to become even more developer-friendly in the new era of AI and MCP. Authlete provides Web APIs that accelerate and simplify the implementation of OAuth and OpenID Connect (OIDC) in authorization systems. Developed by experts involved in international standards development, Authlete has obtained OpenID certification and supports advanced security specifications such as FAPI and CIBA, as well as newer specifications including OpenID for Verifiable Credentials Issuance. Authlete’s solutions are used across diverse industries including finance, media, retail, technology, and consulting, by customers ranging from startups to mid-sized and large enterprises in Japan and overseas.