Ontra
F500
Clients enabled
"Stitching together two apps that were never meant to talk to each other"
The Problem
When Ontra launched Atlas (entity management), they stood it up as a completely separate app: its own database, its own users, its own accounts. No communication with the existing primary application. Customers like Goldman Sachs had two separate accounts, two logins, two sets of permissions. Data teams couldn't even answer "how many unique users do we have?" because everyone was counted twice across two databases.
The Insight
The original decision to build Atlas independently was about speed: avoid legacy code, skip stakeholder alignment, move fast. But nobody actually wants it to work that way. Users want to log in once. Data teams want a single source of truth. And as Ontra added more products, the fragmentation would only get worse.
The Approach
We tackled it in layers. First, unified login via Auth0 so users could navigate between apps with one session, even though behind the scenes they were switching databases. Then we unified accounts, making the primary application the source of truth and publishing events via a pub/sub bus so Atlas and other services could subscribe. Same pattern for users: create in the primary application, assign the UUID, publish the event, let downstream apps cache locally. For permissions, we built a hybrid RBAC/ReBAC model: roles for broad access, relationship-based grants for object-level control (like "can this user see this specific document?"). The system was designed so the primary application was always the single authority to check, avoiding the N-query problem of asking every app independently.
The Outcome
The unified platform enabled Fortune 500 clients including Goldman Sachs and Morgan Stanley to operate in production-isolated environments. The architecture became the foundation for Ontra's expanding product suite: DDQ, billing, and others could subscribe to the same event bus without re-architecting. The team also shipped "Auth-ception", a nested authentication flow that gave each user a unified identifier across all microservices, solving cross-app session management as Ontra evolved from monolith to microservices.