[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"article:bill-one-auth":3},{"meta":4,"markdown":179},{"type":5,"articleId":6,"slug":6,"title":7,"titleEn":8,"category":9,"summary":10,"publishedAt":11,"image":12,"vocabulary":13,"source":176},"article","bill-one-auth","インボイス管理サービスBill Oneの認証を内製認証基盤に置き換えて認証基盤のコストを削減した話","How we reduced authentication platform costs by replacing Bill One's authentication with an in-house platform","software\u002Fcompanies\u002Fsansan","Sansan's Bill One team replaced Auth0 with an in-house authentication platform built on Amazon Cognito, significantly reducing costs while migrating users seamlessly via Lambda triggers.","2026-04-26T00:00:00Z","https:\u002F\u002Fimages.yamiyomi.com\u002Fbill-one-auth.png",[14,19,23,28,32,36,40,44,48,52,56,60,64,68,72,76,80,84,88,92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172],{"word":15,"reading":16,"meaning":17,"level":18},"認証","にんしょう","authentication","N2",{"word":20,"reading":21,"meaning":22,"level":18},"基盤","きばん","platform, foundation",{"word":24,"reading":25,"meaning":26,"level":27},"内製化","ないせいか","bringing development in-house","N1",{"word":29,"reading":30,"meaning":31,"level":18},"大幅","おおはば","significant, substantial",{"word":33,"reading":34,"meaning":35,"level":18},"削減","さくげん","reduction, cutback",{"word":37,"reading":38,"meaning":39,"level":27},"経緯","けいい","circumstances, background",{"word":41,"reading":42,"meaning":43,"level":18},"移行","いこう","migration, transition",{"word":45,"reading":46,"meaning":47,"level":18},"請求書","せいきゅうしょ","invoice, bill",{"word":49,"reading":50,"meaning":51,"level":27},"受領","じゅりょう","receipt, acceptance",{"word":53,"reading":54,"meaning":55,"level":27},"月次","げつじ","monthly",{"word":57,"reading":58,"meaning":59,"level":18},"決算","けっさん","financial closing, settlement",{"word":61,"reading":62,"meaning":63,"level":18},"効率化","こうりつか","streamlining, optimization",{"word":65,"reading":66,"meaning":67,"level":18},"意思決定","いしけってい","decision-making",{"word":69,"reading":70,"meaning":71,"level":18},"充実","じゅうじつ","fulfillment, being well-equipped",{"word":73,"reading":74,"meaning":75,"level":18},"採用","さいよう","adoption, employment",{"word":77,"reading":78,"meaning":79,"level":18},"実績","じっせき","track record, achievements",{"word":81,"reading":82,"meaning":83,"level":18},"価格","かかく","price",{"word":85,"reading":86,"meaning":87,"level":18},"課金","かきん","billing, charging",{"word":89,"reading":90,"meaning":91,"level":18},"経理","けいり","accounting, financial affairs",{"word":93,"reading":94,"meaning":95,"level":27},"相性","あいしょう","compatibility, affinity",{"word":97,"reading":98,"meaning":99,"level":18},"選択肢","せんたくし","option, choice",{"word":101,"reading":102,"meaning":103,"level":18},"検討","けんとう","examination, consideration",{"word":105,"reading":106,"meaning":107,"level":27},"可用性","かようせい","availability (IT)",{"word":109,"reading":110,"meaning":111,"level":27},"担保","たんぽ","guarantee, collateral",{"word":113,"reading":114,"meaning":115,"level":27},"工数","こうすう","man-hours, effort",{"word":117,"reading":118,"meaning":119,"level":18},"実装","じっそう","implementation",{"word":121,"reading":122,"meaning":123,"level":18},"構成","こうせい","composition, configuration",{"word":125,"reading":126,"meaning":127,"level":18},"依頼","いらい","request, commission",{"word":129,"reading":130,"meaning":131,"level":18},"保証","ほしょう","guarantee, warranty",{"word":133,"reading":134,"meaning":135,"level":27},"一括","いっかつ","batch, all at once",{"word":137,"reading":138,"meaning":139,"level":27},"試行","しこう","trial, attempt",{"word":141,"reading":142,"meaning":143,"level":18},"該当","がいとう","applicable, corresponding",{"word":145,"reading":146,"meaning":147,"level":18},"契約","けいやく","contract, agreement",{"word":149,"reading":150,"meaning":151,"level":18},"更新","こうしん","renewal, update",{"word":153,"reading":154,"meaning":155,"level":18},"想定","そうてい","assumption, expectation",{"word":157,"reading":158,"meaning":159,"level":27},"本質的","ほんしつてき","essential, fundamental",{"word":161,"reading":162,"meaning":163,"level":18},"運用","うんよう","operation, management",{"word":165,"reading":166,"meaning":167,"level":27},"痛感","つうかん","keenly realize, feel acutely",{"word":169,"reading":170,"meaning":171,"level":18},"設計","せっけい","design, architecture",{"word":173,"reading":174,"meaning":175,"level":27},"前述","ぜんじゅつ","aforementioned",{"name":177,"url":178},"Sansan Builders Box","https:\u002F\u002Fbuildersbox.corp-sansan.com\u002Fentry\u002Fbill-one-in-house-auth-platform","\n::para\nBill One Engineering Unit [共通]{きょうつう:shared, common:N3}[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform, foundation:N1}チームの[樋口]{ひぐち:Higuchi (surname):N1}です。Bill Oneでは[昨年]{さくねん:last year:N3}までAuth0を[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}として[利用]{りよう:use:N3}してきましたが、[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}を[内製化]{ないせいか:in-house development:N1}することでコストを[大幅]{おおはば:significantly:N2}に[削減]{さくげん:reduction:N1}しました。この[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}は、[昨年]{さくねん:last year:N3}12[月]{がつ:month:N5}に[無事]{ぶじ:safely, successfully:N4}リリースされ、Bill Oneの[認証]{にんしょう:authentication:N1}を[支えて]{ささえて:to support:N3}います。[今回]{こんかい:this time:N3}は[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}の[内製化]{ないせいか:in-house development:N1}に[至った]{いたった:to arrive at:N1}[経緯]{けいい:circumstances, background:N1}と[設計]{せっけい:design:N2}、[移行]{いこう:migration:N2}プロセスについて[紹介]{しょうかい:introduction:N2}します。\n\n#en\nI am Higuchi from the Bill One Engineering Unit shared authentication platform team. Until last year, Bill One used Auth0 as its authentication platform, but we significantly reduced costs by building the authentication platform in-house. This authentication platform was successfully released last December and now supports Bill One's authentication. This time, I will introduce the background that led to building the authentication platform in-house, the design, and the migration process.\n::\n\n::heading\nBill Oneについて\n\n#en\nAbout Bill One\n::\n\n::para\nBill Oneは、BtoB SaaSとして[提供]{ていきょう:provide:N1}しているインボイス[管理]{かんり:management:N2}サービスです。[本]{ほん:this:N5}サービスは「[請求書]{せいきゅうしょ:invoice:N1}[受領]{じゅりょう:receipt:N2}から、[月次]{げつじ:monthly:N3}[決算]{けっさん:financial closing:N2}を[加速]{かそく:accelerate:N3}する」をタグラインに[掲げ]{かかげ:to put forth:N1}、あらゆる[請求書]{せいきゅうしょ:invoice:N1}をオンラインで[受け取り]{うけとり:receive:N3}・[請求書]{せいきゅうしょ:invoice:N1}[業務]{ぎょうむ:operations:N3}を[効率化]{こうりつか:streamline:N1}することで、[企業]{きぎょう:enterprise:N1}[経営]{けいえい:management:N2}における[意思]{いし:will:N4}[決定]{けってい:decision:N3}のスピード[向上]{こうじょう:improvement:N3}を[目指して]{めざして:aiming for:N3}います。\n\n#en\nBill One is an invoice management service offered as a BtoB SaaS. Under the tagline \"Accelerate monthly financial closing from invoice receipt,\" it aims to improve the speed of corporate decision-making by receiving all invoices online and streamlining invoice operations.\n::\n\n::heading\n[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}に[関する]{かんする:regarding:N3}[課題]{かだい:challenge:N2}\n\n#en\nChallenges with the authentication platform\n::\n\n::para\nBill OneはこれまでAuth0を[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}として[利用]{りよう:use:N3}してきました。Auth0は[非常]{ひじょう:extremely:N3}に[機能]{きのう:features:N3}が[充実]{じゅうじつ:well-equipped:N1}しており[多く]{おおく:many:N4}の[採用]{さいよう:adoption:N2}[実績]{じっせき:track record:N2}がありますが、[他]{ほか:other:N3}のIDaaSと[比較]{ひかく:comparison:N1}して[高い]{たかい:expensive:N5}[価格]{かかく:price:N1}[設定]{せってい:setting:N2}となっています。[前述]{ぜんじゅつ:aforementioned:N2}の[通り]{とおり:as:N4}、Bill Oneではユーザー[数]{すう:number:N3}[課金]{かきん:billing:N2}を[行って]{おこなって:carry out:N5}いないことに[加え]{くわえ:in addition:N3}、[経理]{けいり:accounting:N3}[業務]{ぎょうむ:operations:N3}という[都合上]{つごうじょう:due to circumstances:N3}、[月]{つき:month:N5}に[一度]{いちど:once:N4}しかBill Oneを[利用]{りよう:use:N3}しないアカウントも[多く]{おおく:many:N4}[存在]{そんざい:exist:N3}します。そのためAuth0の[価格]{かかく:price:N1}[体系]{たいけい:system:N1}であるMAU[課金]{かきん:billing:N2}とは[相性]{あいしょう:compatibility:N3}がよくありません。\n\n#en\nBill One had been using Auth0 as its authentication platform. Auth0 is extremely feature-rich with a strong track record, but its pricing is high compared to other IDaaS providers. As mentioned, Bill One does not charge per user, and due to the nature of accounting work, many accounts only use Bill One once a month. Therefore, Auth0's MAU-based billing model was not a good fit.\n::\n\n::heading\n[解決]{かいけつ:solution:N3}[方法]{ほうほう:method:N3}の[検討]{けんとう:examination:N1}\n\n#en\nExamining solution options\n::\n\n::para\n[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}のコストの[問題]{もんだい:problem:N4}を[解決]{かいけつ:solve:N3}するため、どのような[選択肢]{せんたくし:options:N1}を[取る]{とる:to take:N3}かを[検討]{けんとう:examine:N1}しました。IDaaSを[移行]{いこう:migrate:N2}する、もしくは[内製]{ないせい:in-house:N1}するにあたって[次]{つぎ:following:N3}のようなグラデーションが[考えられます]{かんがえられます:can be considered:N4}。Auth0[以外]{いがい:other than:N4}のIDaaSへ[移行]{いこう:migration:N2}、IDaaS + [自前]{じまえ:self-made:N4}[開発]{かいはつ:development:N4}、KeycloakのようなOSSの[利用]{りよう:use:N3}、[完全]{かんぜん:complete:N3}[自前]{じまえ:self-made:N4}[開発]{かいはつ:development:N4}などです。もともと、[認証]{にんしょう:authentication:N1}の[機能]{きのう:functions:N3}をできるだけマネージドサービスに[寄せる]{よせる:to lean towards:N3}ことで[開発]{かいはつ:development:N4}[工数]{こうすう:man-hours:N3}は[抑えつつ]{おさえつつ:while keeping down:N1}も、[可用性]{かようせい:availability:N3}やセキュリティを[担保]{たんぽ:guarantee:N1}したいという[意図]{いと:intention:N4}でAuth0を[利用]{りよう:use:N3}していました。\n\n#en\nWe examined what options to take in order to solve the authentication platform cost problem. A range of approaches could be considered for migrating or building the IDaaS in-house: migrating to another IDaaS, IDaaS plus custom development, using an OSS like Keycloak, or fully custom development. Originally, we had been using Auth0 with the intention of keeping development effort down by leaning on managed services as much as possible, while still ensuring availability and security.\n::\n\n::heading\n[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}の[設計]{せっけい:design:N2}\n\n#en\nAuthentication platform design\n::\n\n::para\n[上述]{じょうじゅつ:as mentioned above:N2}の[通り]{とおり:as:N4}、Cognito[単体]{たんたい:alone:N3}では[機能]{きのう:features:N3}が[足りない]{たりない:insufficient:N4}ため、[不足]{ふそく:lacking:N4}している[機能]{きのう:functions:N3}を[自前]{じまえ:self-made:N4}で[実装]{じっそう:implement:N2}する[必要]{ひつよう:necessity:N3}があります。CognitoのAPIを[直接]{ちょくせつ:directly:N2}[利用]{りよう:use:N3}する[形]{かたち:form:N3}でOIDC（OpenID Connect）のOP（OpenID Provider）としてふるまうアプリケーションを[開発]{かいはつ:develop:N4}することにしました。[最終的]{さいしゅうてき:ultimately:N3}に[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}は、ユーザー[向け]{むけ:targeted at:N3}サービス（OP）、[管理]{かんり:management:N2}API、[管理]{かんり:management:N2}[画面]{がめん:screen, UI:N3}の3つで[構成]{こうせい:composed of:N3}されています。\n\n#en\nAs mentioned above, Cognito alone lacked sufficient features, so we needed to implement the missing functionality ourselves. We decided to develop an application that acts as an OIDC (OpenID Connect) OP (OpenID Provider) by directly using the Cognito API. Ultimately, the authentication platform is composed of three parts: the user-facing service (OP), a management API, and an admin UI.\n::\n\n::heading\nアカウントの[移行]{いこう:migration:N2}について\n\n#en\nAbout account migration\n::\n\n::para\nAuth0はサポートチケットから[依頼]{いらい:request:N2}することでパスワードハッシュを[含む]{ふくむ:include:N2}ユーザー[情報]{じょうほう:information:N3}のエクスポートが[可能]{かのう:possible:N3}ですが、エクスポート[作業]{さぎょう:work:N4}の[具体的]{ぐたいてき:specific:N3}な[実行]{じっこう:execution:N3}[日時]{にちじ:date and time:N5}を[保証]{ほしょう:guarantee:N1}してもらえません。また、Amazon Cognitoはパスワードハッシュの[一括]{いっかつ:batch:N1}インポートをサポートしていないため[他]{ほか:other:N3}の[方法]{ほうほう:method:N3}を[採る]{とる:to take:N2}[必要]{ひつよう:necessity:N3}がありました。そこでAmazon Cognitoに[用意]{ようい:prepared:N4}されているユーザー[移行]{いこう:migration:N2}のLambdaトリガーを[利用]{りよう:use:N3}しました。ログイン[試行]{しこう:attempt:N4}もしくはパスワードリセットのタイミングでCognitoのUser Poolに[該当]{がいとう:corresponding:N1}ユーザーが[存在]{そんざい:exist:N3}しなかった[場合]{ばあい:case:N3}にLambdaを[呼び出せ]{よびだせ:can invoke:N3}ます。\n\n#en\nAuth0 allows exporting user information including password hashes via support ticket, but cannot guarantee a specific execution date. Furthermore, Amazon Cognito does not support batch import of password hashes, so we needed to take a different approach. We used the user migration Lambda trigger provided by Amazon Cognito, which can invoke a Lambda function when the corresponding user does not exist in the Cognito User Pool during a login attempt or password reset.\n::\n\n::heading\n[振り返り]{ふりかえり:retrospective:N1}と[今後]{こんご:from now on:N5}\n\n#en\nRetrospective and future plans\n::\n\n::para\n[新]{しん:new:N4}[基盤]{きばん:platform:N1}は、[昨年]{さくねん:last year:N3}の12[月]{がつ:month:N5}に[無事]{ぶじ:safely:N4}リリースされました。その[結果]{けっか:result:N1}、リリース[後]{ご:after:N5}3[週間]{しゅうかん:weeks:N4}でMAUの[約]{やく:approximately:N3}86%のユーザーが[新]{しん:new:N4}[基盤]{きばん:platform:N1}に[移行]{いこう:migrate:N2}し、[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}のコストはAuth0の[契約]{けいやく:contract:N1}[更新]{こうしん:renewal:N3}で[想定]{そうてい:expected:N3}されるコストと[比べて]{くらべて:compared to:N2}[大幅]{おおはば:significantly:N2}に[削減]{さくげん:reduction:N1}できました。\n\n#en\nThe new platform was successfully released last December. As a result, approximately 86% of MAU users migrated to the new platform within three weeks of release, and authentication platform costs were significantly reduced compared to the expected costs of renewing the Auth0 contract.\n::\n\n::heading\n[最後]{さいご:finally:N3}に\n\n#en\nIn closing\n::\n\n::para\nBill OneはAuth0の[利用]{りよう:use:N3}をやめ、[認証]{にんしょう:authentication:N1}[基盤]{きばん:platform:N1}を[内製化]{ないせいか:in-house development:N1}する[選択肢]{せんたくし:option:N1}を[取りました]{とりました:took:N3}。しかし、これまでAuth0を[利用]{りよう:use:N3}してきたことで[認証]{にんしょう:authentication:N1}[周り]{まわり:around, related to:N2}の[開発]{かいはつ:development:N4}[運用]{うんよう:operation:N4}[工数]{こうすう:man-hours:N3}を[大幅]{おおはば:significantly:N2}に[削減]{さくげん:reduce:N1}しプロダクトの[本質的]{ほんしつてき:essential:N4}な[部分]{ぶぶん:part:N3}にフォーカスできたことは[事実]{じじつ:fact:N3}です。[内製化]{ないせいか:in-house development:N1}にあたって、Auth0では[当たり前]{あたりまえ:natural, obvious:N3}にあった[機能]{きのう:features:N3}がCognitoになく[自前]{じまえ:self-made:N4}[開発]{かいはつ:development:N4}の[必要]{ひつよう:necessary:N3}な[部分]{ぶぶん:part:N3}がいくつもありました。[改めて]{あらためて:once again:N2}Auth0が[非常]{ひじょう:extremely:N3}によくできたサービスであったことを[痛感]{つうかん:keenly realize:N3}しました。\n\n#en\nBill One chose to stop using Auth0 and build the authentication platform in-house. However, it is a fact that using Auth0 up until now had significantly reduced development and operations effort around authentication, allowing us to focus on the essential parts of the product. When building in-house, there were numerous features that Auth0 had as a matter of course but Cognito lacked, requiring custom development. We keenly realized once again what an excellently built service Auth0 was.\n::\n"]