
Unified SSO and MFA for 1,040 Insurance Agency Users

Mark Sierra, SAN of Florida (Tampa Bay, FL) · Case Study
1,040 Users consolidated
2 Platforms unified
$0 Per-user licensing cost

The Situation

SAN of Florida is an insurance network managing over 1,000 external agency users across two platforms: Smartsheet (operations and reporting) and InsuredMine (CRM and marketing automation). Each user had separate login credentials for each platform. No multi-factor authentication. No centralized identity management.

New cybersecurity regulations hitting the insurance industry in 2026 forced the issue. SAN needed MFA across all systems, but with 1,040 external users spread across hundreds of different agency domains, the standard solutions didn't work. Okta and similar identity providers charge per user, which at this scale would have cost more than the platforms themselves. Mark had already tried multiple approaches on his own: Smartsheet's native MFA (not sufficient for compliance), Azure SSO (couldn't make it work without per-user licensing), and direct configuration with platform support teams that led nowhere.

He needed a single sign-on system that would handle 1,040 users across two platforms, enforce MFA, and not cost a fortune in per-seat licensing.

What We Built

A unified SSO and MFA system using AWS Cognito as the identity provider and FusionAuth as the SAML broker, connecting both Smartsheet and InsuredMine under one authentication layer.

When any of the 1,040 users log into either Smartsheet or InsuredMine, they hit a centralized login page hosted at auth.sanflorida.com. FusionAuth handles the SAML exchange with each platform, and AWS Cognito manages the user pool, MFA enforcement, and session management behind it. One login, one MFA challenge, access to both platforms.

The discovery phase involved verifying SAML support on both platforms (Smartsheet had it in their admin panel, InsuredMine required backend coordination with their dev team), analyzing the user list (1,040 users across 900+ agency domains with only 15 internal accounts), and mapping the full authentication flow including domain verification, DNS configuration, SSL certificates, and SAML metadata exchange.

The build included standing up the AWS infrastructure (Cognito user pool, FusionAuth instance on EC2 behind an application load balancer), configuring SAML applications for both platforms with their specific entity IDs and ACS URLs, provisioning all 1,040 users into the Cognito pool from a clean user export, setting up MFA enforcement, and coordinating DNS changes with the client's hosting provider.

Results

1,040 users consolidated under a single identity provider. MFA enforced across both platforms from one login. No per-user licensing cost (AWS Cognito free tier covers up to 50,000 MAUs). Cybersecurity compliance requirements met ahead of the 2026 deadline. Ongoing retainer for user management and monitoring.

Tech Stack

AWS Cognito · FusionAuth · AWS EC2 / ALB / ACM · Smartsheet Admin Center · InsuredMine (SAML) · Route 53 / DNS

What Made This Work

The previous attempts failed because they were trying to solve a per-platform problem with per-platform tools. Smartsheet's native MFA doesn't extend to InsuredMine. Azure SSO has per-user costs that don't make sense at 1,040 seats. The fix was stepping back and building an identity layer that sits above both platforms.

The other piece was coordination. InsuredMine doesn't expose SSO settings in their admin UI. Getting SAML configured required direct communication with their engineering team, providing the correct metadata, certificates, and redirect URLs in a format their backend could consume. That's not something a business owner can figure out from a support article.
