SmithRx, a full-service Pharmacy Benefit Manager, was seeking an external IAM platform to unify authentication journeys across multiple portals while paving the way for fine-grained access control initiatives. Learn why SmithRx chose Descope to improve customer experience and enhance security without impacting developer time.
About SmithRx
SmithRx is transforming the pharmacy benefits industry as a modern, full-service Pharmacy Benefit Manager (PBM) dedicated to equitable, low-cost access to prescription drugs. In a healthcare landscape where transparency and affordability are more important than ever, SmithRx is leading the charge, rapidly expanding to meet the needs of employers, brokers, and members. Unlike legacy PBMs, SmithRx operates with full transparency and no hidden fees, ensuring clients always get the lowest possible prices—no compromises, no surprises.
As SmithRx scaled to meet growing demand, they faced a critical challenge: delivering a secure, seamless, and scalable authentication solution to simplify access for their users. That’s where Descope stepped in. With our intuitive authentication platform, SmithRx was able to streamline user access while maintaining the highest standards of security and scalability. By removing friction for their users, we helped SmithRx stay focused on their mission: making healthcare more affordable and transparent for everyone.
SmithRx serves a layered ecosystem of stakeholders through its multi-portal platform, designed to meet the unique needs of each user group:
Member Portal: A dedicated space where patients can view their benefits, manage prescriptions, and store their pharmacy card in a digital wallet.
Employer Portal: A powerful tool for employers to monitor cost savings and gain actionable insights into their prescription benefits program.
Broker Portal: A robust platform for a network of brokers and third-party administrators to manage client relationships and leverage SmithRx’s innovative programs.
As SmithRx’s platform grew, maintaining a seamless, user-friendly experience across these portals became increasingly complex with homegrown resources. To address this, SmithRx made the strategic decision to modernize its infrastructure by breaking down a monolithic application into smaller, more manageable services. This shift not only improved scalability but also ensured a smoother experience for all stakeholders.
Chad Dulake, Senior Software Engineer at SmithRx, said
“While building out microservices, we realized our authentication needed to go in the opposite direction—consolidation. Unifying identity management across all three portals could simplify control, improve visibility, and reduce maintenance overhead.
Consolidating identity across multiple portals
With microservices and unified authentication in their sights, SmithRx faced mounting infrastructure challenges. Their previously siloed approach was no longer sustainable, leading them to try out a popular CIAM platform. However, this trial provider did not include FGA within their subscription, instead upselling it as a costly add-on.
Gaston Concilio, Senior Director, Software Engineering at SmithRx, said:
“Operating in a regulated environment, security and privacy is paramount to us. Our systems have different user personas with complex access requirements. The FGA capabilities in Descope’s solution gives us confidence that we can deliver state-of-the-art access controls to our internal users, and honor SmithRx’s commitment to ironclad security and compliance-driven governance.”
SmithRx began searching for a unified authentication and authorization solution with the following requirements:
Identity federation across all three portals (member, employer, and broker)
Support for multiple authentication methods (OTP via SMS or voice call)
Flexible authorization options to later implement FGA (fine-grained authorization)
A dev-friendly environment that wouldn’t drain their lean engineering resources
Ability to unify complex authentication and authorization flows with minimal code
The Descope experience
SmithRx began their implementation with Descope in early November 2024, with tenant SSO and self-service SSO configuration testing in the first week. Within the next two weeks, all SmithRx users were imported into the new system. Despite internal code freezes and the holiday season, the deployment stayed well within the anticipated timeline.
Leading up to its official launch, the SmithRx solution resolved a number of additional challenges along the way. One of these challenges was handling email domains for SSO. SmithRx didn’t want to restrict single sign-on to a limited number of domains, which would have hampered their ability to serve users who signed up with personal email addresses. Using Descope Flows, they developed a solution that checked if a user’s tenant had SSO enabled, regardless of the email’s domain.
Chad Dulake said:
“Flows helped us make API calls to the backend to check if a tenant had SSO enabled without relying solely on email domains. This gave our members more flexibility while maintaining security, something that would have been difficult with our previous system.”
During the implementation, SmithRx was also impressed with Descope’s analytics functionality. When one of their authentication connectors experienced issues despite returning an HTTP 200 code (a standard signal for successful web requests), they turned to Descope’s Flow analytics to learn why.
Chad Dulake said:
“Descope’s analytics showed us that people were sending one-time passwords, but, due to an issue with another vendor, nobody was signing in with them. Turns out, they weren’t receiving OTPs due to an issue on our end. We were able to pinpoint and resolve it before we received any customer complaints.”
Unified authentication paves the way for FGA
After implementing Descope, SmithRx immediately realized several benefits, each resolving one of their previous requirements:
Identity federation and a unified authentication ecosystem that reduced maintenance overhead
Flexible authentication methods that better aligns with their customer experience-first platform
FGA capabilities to better serve the distinct needs of each member role and organization
A low/no-code dev experience that requires minimal human resources to modify and maintain
Cost savings over other solutions for FGA, which SmithRx considered essential
Looking ahead, SmithRx plans to expand their Descope solution with fine-grained authorization to further enhance their white-glove experience. This will allow them to tailor customer journeys with even greater precision across their entire user base of brokers, employers, and members.
Chad Dulake said:
“Identity federation offers a strong foundation for SmithRx. With Descope’s authorization capabilities, we’ll be able to provide even more personalized, secure experiences for each of our user types while retaining the simplicity we’ve been able to achieve.”
Descope is a flexible, drag & drop CIAM platform that helps organizations easily add authentication, authorization, and identity management to their apps. Customers use us for initiatives such as passwordless authentication, SSO, identity federation, strong MFA, identity orchestration, and fraud prevention.
To get started with Descope, sign up for a Free Forever account. If you have questions about our platform, book time with our auth experts.
