Built with ZITADEL: Orbica's Cloud Native Geospatial Platform
Developer Advocate
Key Outcomes
- Orbica, headquartered in Christchurch, New Zealand, is a company that specializes in geospatial technology. It recently launched a cloud platform, a geospatial powerhouse that simplifies the complexities of large-scale data analysis for its users, and chose ZITADEL Cloud to manage the identity and access needs of its customers.
- With ZITADEL, Orbica has improved both the user experience and the security measures for customers using the Orbica Geospatial Platform. Orbica estimates that it saved at least 1-2 months of UX and development time, in addition to mitigating the risk of constructing and hosting its own solution incorrectly.
- ZITADEL's compliance with the General Data Protection Regulation (GDPR) primes Orbica for future success by ensuring it meets data protection requirements. Furthermore, Orbica aims to make ZITADEL's authentication system accessible to their customers, enabling them to manage their own user authentication within applications built on the Orbica Geospatial Platform.
Introduction
Orbica began as a professional services firm, providing geospatial applications, data products, and workloads. Over time, they identified recurring patterns in these projects, which led them to the idea of developing a platform. The intention behind this platform was to enable others to integrate the capabilities of geospatial technology into their own workflows and apps, allowing them to construct more sophisticated applications.
The Orbica Geospatial Platform is a fully managed, cloud-native platform engineered to leverage geospatial data analysis and AI knowledge to unlock insights in data assets, enabling developers to create solutions for a variety of applications. Beyond the conventional geographical information system (GIS) tools, the platform is designed for all types of users - not just GIS experts - eliminating data silos and making geospatial knowledge accessible across an organization. Through the platform, users can easily interact with and manage their geospatial data via an intuitive user interface, setting various exploration goals, choosing from different visualization methods, and monitoring their data insights.
Orbica's clientele primarily consists of businesses in various sectors that require intricate geospatial analysis to drive decision-making and uncover latent trends and patterns within their data. With a range of use cases that include urban planning, disaster response, environmental monitoring, infrastructure management, agriculture, supply chain management, and water management, Orbica's Geospatial Platform caters to a broad spectrum of industries. This makes it a go-to tool for developers aiming to make a significant impact with geospatial AI.
We spoke with Santosh Seshadri, Head of Platform at Orbica, to delve deeper into the technical intricacies they faced and the driving factors behind their decision to embrace ZITADEL as their identity and access infrastructure solution.
Problem and Solution
Orbica was not new to the Identity and Access Management (IAM) space. They had tried several other providers, including Microsoft’s Azure Active Directory and Azure Active Directory B2C. They had also used Auth0 for some projects due to client requirements. However, when the need to choose an IAM solution for their platform arose, the options were narrowed down to ZITADEL, Auth0, AWS Cognito, and Azure Active Directory. The AWS and Microsoft offerings were closely tied to their vendors, whereas Orbica was seeking greater flexibility.
Their discovery of ZITADEL was a result of their ongoing exploration of new, flexible, and modular tools in the tech space, consistent with their philosophy of avoiding monolithic systems. They had been testing different options and were impressed by what ZITADEL had to offer. After a thorough investigation and evaluation of ZITADEL's APIs by their development team, they decided to onboard with ZITADEL. This choice was driven by several pain points and unique requirements, which ZITADEL managed to resolve.
Firstly, the organization- and project-based hierarchy presented by ZITADEL matched Orbica's own schema, because the Orbica Geospatial Platform was designed around a hierarchical structure of organizations, workspaces, and projects. ZITADEL's ability to provide fine-grained, role-based access control within the same hierarchical structure has been crucial to Orbica. They also appreciated the ability to have multiple instances and the flexibility and comprehensiveness of ZITADEL's metadata.
From a commercial standpoint, the seat-based pricing model offered by most providers was a significant constraint for Orbica. In contrast, ZITADEL's pricing structure was more conducive to their needs. ZITADEL abandons the conventional per-user licensing model in favor of a consumption-based approach, making it highly suitable for organizations dealing with data and analytics. The model is based on requests rather than user count, reflecting Orbica's commitment to providing usage-based solutions.
The Platform’s User Journey
The Geospatial Platform's user journey begins with creating an organization for each new customer. Currently, this is done internally, but there are plans for future self-service. After sign-up, users receive an email from Orbica via ZITADEL to complete their account setup, after which they can access the platform.
Initially, the users are presented with an empty canvas. The first step involves creating a workspace defined according to the organization's needs. These workspaces can be divided as desired and further segmented into projects. Within these projects, users can set up data stores, databases with APIs, and map services. Any data with a geospatial aspect can be viewed on a map, and the platform performs this orchestration. Users can customize server resources to their liking, specifying things like database size or computing resources, and the platform provisions these resources accordingly. Users can opt for any database of their choice; however, Orbica provides spatial databases curated explicitly for advanced spatial analytics and functions as an additional service.
Next, users can add an analytics service, a Jupyter Lab implementation, which comes pre-packaged with geospatial and AI libraries and is automatically connected to the database. If the user has Python scripts or other workloads in their organization, they can bring them in too, and run them in the cloud, scaling resources as necessary. Users can tap into this feature to perform various functions immediately, right out of the box.
Finally, users can build their custom frontend app and host it on the platform. Currently, users can create multiple projects representing isolated environments, but in the future, they will be able to promote an existing project to a higher environment, e.g., a production environment, with different access policies to run their workloads seamlessly in their respective ecosystems.
Architecture and Deployment
Architecturally, the platform is a cloud-native solution modeled on a microservices architecture. Orbica has designed its core to be provider-agnostic; a Kubernetes layer is responsible for seamlessly orchestrating resources in AWS. Network communications between pods and clusters are maintained by a service mesh, forming a critical part of the system by handling the deployment of functions-as-a-service. These functions are directly connected to the service mesh, enabling on-demand resource deployment. A React-based user interface delivers an interactive experience to users. All the platform's operations are enabled through Orbica's SDKs.
The platform incorporates ZITADEL Cloud, and ZITADEL's primary function within the platform is to provide robust authentication and authorization services. When onboarding a client, an organization is provisioned on the platform, which manages its workloads via workspaces and projects, where the microservices operate. A parallel organization is created on ZITADEL. Subsequent user registrations are also added to this ZITADEL organization, integrating each user into the authentication system right from the start.
The authentication process uses OpenID Connect to validate the user's identity, using the information provided during the registration, ensuring only verified users gain access to the platform. Once users have been authenticated and are active within the platform, ZITADEL manages the authorization of these users and determines the permissions that each user has within the platform, which resources they can access, and what actions they can perform.
As the Orbica Geospatial Platform is designed around a hierarchical structure of organizations, workspaces, and projects, ZITADEL's ability to provide granular access control within the same hierarchical structure is crucial. For instance, an administrator might be allowed to create, delete, or modify projects, while a data engineer might only have permission to view data and perform analysis. Orbica uses ZITADEL’s metadata feature to categorize their projects into workspaces (an intermediary level between organization and project) and to define the respective roles within a user's metadata. They further leverage ZITADEL’s custom claims to organize this data, embedding it into the JWT. This structured approach ensures they can accurately determine a user's access permissions for various workspaces.
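The per-workspace decision described above can be sketched as a deny-by-default check on the resource-server side. This is an added example, not Orbica's or ZITADEL's code: the claim names `workspace_roles` and `org_id`, the role-to-action map and the sample payload are all hypothetical, and the JWT signature is assumed to have been verified against the issuer's keys before the claims reach this function.

```python
import time

WORKSPACE_CLAIM = "workspace_roles"  # hypothetical custom claim name
ORG_CLAIM = "org_id"                 # hypothetical organization claim name

# Hypothetical role -> action map, modelled on the two roles the text mentions.
ROLE_ACTIONS = {
    "administrator": {"project:create", "project:delete", "project:modify"},
    "data_engineer": {"data:view", "analysis:run"},
}

def is_allowed(claims, org_id, workspace, action, audience, now=None):
    """Deny-by-default decision over claims of an already signature-verified JWT."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False                      # missing or expired token lifetime
    aud = claims.get("aud")
    if not audience or audience not in (aud if isinstance(aud, list) else [aud]):
        return False                      # token was issued for another API
    if claims.get(ORG_CLAIM) != org_id:
        return False                      # resource belongs to another tenant
    ws_roles = claims.get(WORKSPACE_CLAIM)
    if not isinstance(ws_roles, dict):
        return False                      # claim absent or malformed
    roles = ws_roles.get(workspace)
    if not isinstance(roles, list):
        return False                      # no grant for this workspace
    return any(action in ROLE_ACTIONS.get(r, set())
               for r in roles if isinstance(r, str))

# Constructed sample payload (not a real token).
SAMPLE_CLAIMS = {
    "sub": "user-1", "aud": ["platform-api"], "exp": 2_000_000_000,
    "org_id": "org-a",
    "workspace_roles": {"flood-model": ["administrator"],
                        "crop-survey": ["data_engineer"]},
}

if __name__ == "__main__":
    for ws, act in [("flood-model", "project:delete"),
                    ("crop-survey", "project:delete"),
                    ("crop-survey", "analysis:run")]:
        print(ws, act, is_allowed(SAMPLE_CLAIMS, "org-a", ws, act,
                                  "platform-api", now=1_700_000_000))
```

Roles granted in one workspace never carry over to another, and any missing or malformed claim results in a denial rather than a fallback.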
The current hosting is in AWS's Sydney region, but they are actively developing a multi-region cluster for the platform, enabling deployment in other regions around the globe. This global vision is in alignment with Orbica's existing international footprint, with branches in Germany and Australia.
Learning Curve and Product Support
According to Santosh, the developer experience with ZITADEL has been highly positive. The system is user-friendly, making the integration process relatively smooth. However, there were challenges when certain key features needed for Orbica's operations were initially missing. For instance, the team sought a method to authenticate users through their own login UI and ZITADEL APIs instead of using the ZITADEL UI to log in and acquire a token. Implementing their own login UI would offer a smoother user experience and grant Orbica greater control over authentication. After discussing with the ZITADEL team, Orbica learned that the feature was already under development and has since been released. See the Login API for more details.
Santosh commended ZITADEL’s customer service as they provided swift responses and communicated the progress of feature development effectively. There were slight hiccups in the initial stages regarding custom claims. While the current state of custom claims is perfectly suited to Orbica's needs, it was a feature that wasn't available during their early testing phase.
Presently, ZITADEL is used exclusively for Orbica's Geospatial Platform. The beta process went smoothly, and the registration or login process from the user's perspective was generally positive.
Future Plans
The team at Orbica is interested in leveraging ZITADEL's support for the General Data Protection Regulation (GDPR). As Orbica plans to launch a European instance and cluster, ZITADEL's GDPR compliance becomes an attractive aspect as it helps them meet data protection requirements.
A more long-term vision for the company's use of ZITADEL involves making the identity provider more accessible to their customers. The idea is to enable customers, who are already creating applications on the Orbica platform, to manage their own user authentication. The goal is to eliminate the need for customers to bring their own authentication systems for their apps. While they could still choose to do so, Orbica wants to give them the option of leveraging the existing authentication system, thus providing a more integrated and seamless experience. This would allow end users to build their applications with the reassurance of having a reliable authentication system in place. To set this plan in motion, the team at Orbica is considering the kind of support they can provide, whether it's at the technology level through the platform or through other means, such as documentation.
Testimonials
“Auth is complex and critical to get right the first time. I was relieved to discover ZITADEL, allowing us to leverage their expertise so we can focus on the rest of our platform development. ZITADEL’s consumption-based pricing model also aligns perfectly with Orbica’s, allowing us to offer our platform without restrictive per-user charges.”
— Santosh Seshadri, Head of Platform at Orbica