IdentityServer
This audio content has been generated by AI. It is provided for convenience and may not perfectly reflect the original text.
The Challenge
XnLeisure is transitioning its per customer on-premises platform to a pure SaaS model, requiring a centralized identity solution to support both end users and internal support teams. Moving their Leisure Hub platform to the cloud means centralized identity across multiple tenants and allows each tenant to continue customizing their customers' login experience.
Key challenges included:
- Supporting multiple tenants with distinct branding, configuration, and identity requirements
- Enabling secure, flexible authentication across web and mobile applications
- Providing administrative control to both XnLeisure staff and customer administrators
- Meeting accessibility standards and supporting multiple languages
Introducing modern authentication methods, including passkeys and federated identity - Migrating legacy users without disrupting the user experience
Security, scalability, and usability were all critical, with no tolerance for breaking changes during the transition.
The Solution
Rock Solid Knowledge designed and delivered a cloud-based SSO platform built on Duende IdentityServer, aligned with XnLeisure’s Microsoft Azure strategy. :contentReference[oaicite:0]{index=0}
The solution introduced a multi-tenant identity architecture, allowing each customer to configure authentication behaviour, branding, and security policies independently within a shared infrastructure.
A key design principle was controlled flexibility. The platform supports local accounts, federated identity providers, and passwordless authentication, while enforcing consistent security standards, including strong password policies and optional or mandatory 2FA.
The system was designed to integrate cleanly with the existing Leisure Hub platform, including a seamless membership-to-identity binding process and just-in-time migration of legacy accounts. This ensured continuity for existing users while enabling gradual modernization.
Administrative control was delivered through a combination of a web-based portal and APIs, allowing both manual and automated tenancy management. Accessibility and localization were built in from the outset, ensuring compliance with AA standards and support for multiple languages.
What Was Delivered
To allow the XNLeisure development team to start building their new SaaS solution they needed Single Sign-On very early. Rock Solid Knowledge delivered them a bare bones SSO solution in a few days to get them up and running. Once the XnLeisure development team had a good sense of what they needed, we held 2-3 one-hour workshops to nail down the requirements for the production-ready SSO solution. Again, to allow the XnLeisure team to continue delivering, we decided to deploy the solution in phases. Phase 1 is enough to prove the end-to-end story, and future phases to focus on aspects that don't impact the application platform, e.g., support for Passkeys. This incremental delivery approach builds confidence, reduces risk and keeps all parties aligned.
For phase 1, we delivered.
- Multi-tenant SSO platform hosted on Azure App Service with scalable architecture
- Duende IdentityServer-based authentication service targeting .NET 10
- Tenant-specific configuration for branding, languages, authentication methods, and security policies
- Support for:
- Local credentials with strong password enforcement
- Federated and social identity providers
- Just-in-time migration of legacy user accounts
- Membership-to-digital identity binding integrated with existing platform workflows
- AdminUI for user, client, and configuration management across tenants
- Role-based access control for XnLeisure and customer administrators
- REST APIs for tenancy provisioning and configuration
- Accessibility-compliant UI (AA standard) with multilingual support
- Secure email workflows for account confirmation and password reset
In subsequent phases, we will be delivering
- SMS second factor
- Passkeys
- Social logins
Rock Solid Knowledge brought clarity to a complex challenge and delivered a solution that aligned with both our technical and business goals. The result has strengthened our overall security posture, given us a single, consistent approach to authentication across the platform, and reduced complexity for both our users and internal teams. It has also provided a solid foundation for scaling our SaaS platform, with a tenancy model that supports growth and operational efficiency. Just as importantly, the handover was thorough and practical, enabling our team to take ownership with confidence."
Mark Morris
- Job Role
- Head of R&D
- Company
- XnLeisure
The Impact
The new platform established a secure and scalable foundation for XnLeisure’s SaaS offering.
- Reduced operational risk through centralized identity and consistent security controls
- Improved user experience with flexible authentication options and localization
- Enabled rapid onboarding of new customers through configurable tenancies
- Supported legacy transition without disruption through just-in-time migration
- Strengthened security posture with 2FA, password validation, and breach detection
Simplified administration through unified tooling and APIs
Why Rock Solid Knowledge
Rock Solid Knowledge brought deep expertise in IdentityServer and modern authentication standards, combined with practical delivery experience in complex, multi-tenant environments.
The use of proven components such as AdminUI, alongside a clear architectural approach, reduced delivery risk and ensured the solution was maintainable by XnLeisure’s internal team following handover.
Discuss modernising your identity platform and securing your applications with a supported, sustainable solution.
Last updated: 22 April 2026
Andrew Clymer He/him
- Job Role
- Managing Director
- Company
- Rock Solid Knowledge