Upgrading an International Manufactuer from IdentityServer4 to Duende

The Challenge

Nailor (Nailor Industries, Inc) is a family owned manufacturer founded in 1971 that designs and produces commercial and industrial HVAC (heating, ventilation, and air conditioning) equipment. Nailor's existing single sign-on platform was built on IdentityServer4, which reached end of life in 2022. Continuing to rely on unsupported identity infrastructure introduces increasing security, compliance, and operational risk.

At the same time, Nailor needed to strengthen its overall authentication posture. User accounts require stronger protection against credential compromise, support for modern multi-factor authentication, and clearer separation between user types, including contractors and company representatives. The registration and recovery journeys also needed improvement, without disrupting existing users or downstream applications.

The challenge was to modernise the SSO platform while preserving continuity, reusing existing user data, and enabling Nailor’s in-house teams to operate and extend the solution with confidence.

The Solution

Rock Solid Knowledge designed and delivered a new SSO solution based on a fully supported OpenID Connect framework, targeting ASP.NET Core 8 and a modern identity server architecture. The approach focused on upgrading security capabilities while respecting Nailor’s existing identity stores, user workflows, and application integrations.

The solution retained the existing ASP.NET Identity user database, introduced a separate configuration store for SSO clients and resources, and provided a fully accessible user interface aligned to Nailor’s designs. Security improvements were introduced incrementally, ensuring users could transition safely without forced resets or service disruption.

Where possible, security upgrades such as password hashing improvements and policy enforcement were applied transparently at sign-in, reducing operational overhead while improving protection.

What Was Delivered

A production-ready SSO platform using a supported OpenID Connect framework 

• Migration scripts to move IdentityServer4 configuration data to the new platform
• Accessible login, registration, recovery, and logout user interfaces
• Enhanced registration with user type differentiation and admin approval workflow
• Local and federated sign-in using Google and Microsoft identities
• Strong, configurable password policies with breach database checking
• Automated upgrade of legacy password hashes to modern algorithms
• Multi-factor authentication using SMS and authenticator apps
• “Remember this device” support for trusted second-factor usage
• Delegated administration for customer company administrators
• APIs and webhooks to support user creation and MFA reset workflows
• Single logout support across connected applications
• Structured handover sessions to enable Nailor’s development team to deploy and maintain the solution

The Impact

The new SSO platform significantly reduced security and operational risk while providing a foundation for future growth.

• Removed dependency on unsupported identity infrastructure
• Improved protection against credential theft and password reuse
• Enabled multi-factor authentication without degrading user experience
• Maintained compatibility with existing users and applications
• Improved accessibility and consistency across authentication journeys
• Equipped internal teams with a maintainable, standards-based identity platform 

On Going Support

Nailor was keen to keep their new SSO solution up to date and well maintained. Rock Solid Knowledge has provides an annual maintenance contract that means they get four updates a year, and unlimited security patches all for a single annual fixed fee. Nailor can now have its development team focus on the core business and leave SSO to a team of SSO experts.

Why Rock Solid Knowledge

Rock Solid Knowledge brought deep, practical experience in designing and delivering identity platforms. As an official partner of Duende IdentityServer with many years of hands-on SSO delivery, the team understood both the technical and operational realities of modern authentication systems.

This expertise enabled Nailor to modernise its identity infrastructure confidently, with clear migration paths, strong security practices, and a solution designed for long-term sustainability.