Authlete Selected by KAKEHASHI to Implement OAuth/OIDC Into Healthcare Platform’s Common Identity Infrastructure

We’re excited to announce that KAKEHASHI Inc. (KAKEHASHI) has adopted Authlete—a backend service for OAuth/OpenID Connect (OIDC)—to implement OAuth and OIDC and build a common identity infrastructure optimized for multiple healthcare solutions.

KAKEHASHI develops a vertical Software as a Service (SaaS) platform with the goal of building an ecosystem that serves as a foundation for all healthcare stakeholders. The SaaS company provides multiple solutions, primarily targeting pharmacies, including electronic medication history systems, patient follow-up systems, pharmaceutical inventory management and ordering systems, Business Intelligence (BI) systems, and secondary distribution services for pharmaceuticals.

Integrating Authlete into its common identity infrastructure enabled KAKEHASHI to efficiently meet the healthcare industry’s requirements for strict personal data protection and security, while laying the foundation for future product diversification.

Background and Challenges

In Japan, medical institutions and medical information system providers are required to comply with the “Two Guidelines from Three Ministries (2G3M)” established by the Ministry of Health, Labor and Welfare, the Ministry of Internal Affairs and Communications, and the Ministry of Economy, Trade and Industry to protect medical information. These guidelines require identity and access management systems to include advanced features such as two-factor authentication (2FA), audit logging, and high availability.

In the early stages, when KAKEHASHI had only a few products, identity data and credentials were centralized in an external service (Amazon Cognito), while user authentication functions were developed and operated by KAKEHASHI’s product team. However, as the company’s business expanded and its customer base diversified, the number of products and services also increased. Setting up user authentication functions for each product individually was inefficient, and there were concerns about the burden of continuously implementing security measures on individual teams.

Consequently, KAKEHASHI decided to create a new common identity infrastructure and established the Authentication and Authorization Infrastructure Team to handle its development and operation.

Requirements for the Common Identity Infrastructure

Because healthcare SaaS handles patients’ critical information, it requires stable, long-term, and continuous service operations. The new identity infrastructure had to meet the following four requirements:

• Portability: The identity infrastructure is critical to business continuity. Therefore, portability is essential to ensure that if the platform needs to be migrated in the future for any reason, it can be done flexibly. For this reason, the identity infrastructure must support OAuth/OIDC and provide connectivity based on open standards.

• Compliance and security: Compliance with 2G3M, including audit logging, Business Continuity Plan (BCP) assurance, and 2FA, is mandatory. In particular, 2FA must support work-specific environments, such as those where smartphone use is prohibited.
• Availability: As KAKEHASHI provides medical information systems, high availability is required to ensure the systems will continue to operate even during disasters.
• Operational cost: The identity infrastructure must be operable even by a small team over the long term, regardless of future business conditions.

The identity and credential information service used at the time failed to meet the necessary security and compliance requirements, including sharing login sessions with different expiration times across multiple products and implementing 2FA that met clinical environment constraints. Therefore, KAKEHASHI considered adopting Identity as a Service (IDaaS) or Open Source Software (OSS).

However, IDaaS posed challenges related to the cost of migrating identity and credential data from the existing services and limited customizability. OSS also raised concerns about the operational and maintenance burden. Ultimately, neither was adopted.

Why Authlete and Results

Ultimately, KAKEHASHI selected a Backend as a Service (BaaS) architecture, which allows them to continue using existing data and systems while outsourcing only the development and operation of OAuth/OIDC functionality. Based on this approach, KAKEHASHI chose Authlete, highly valuing the following points:

• High level of expertise and continuous support: Authlete is a reliable service with deep specialization in OAuth and OIDC and is OpenID certified. It also provides technical support in Japanese.
• Effective reduction of operational costs: All the difficult aspects of implementing specifications—such as token lifecycle management, cryptographic key management, and state management of transient security parameters during protocol processing—can all be offloaded to Authlete.

Furthermore, Authlete’s support for multi-region configurations was an important factor from a BCP perspective.

The common identity infrastructure utilizing Authlete has been in operation since July 2025. KAKEHASHI centralized authentication functionality across multiple products and delegated OAuth/OIDC protocol processing and token management to Authlete. This enabled KAKEHASHI to achieve high availability, meet security requirements, and improve development efficiency. 

At the same time, maintaining Amazon Cognito to manage existing identity and credential data enabled a phased migration of KAKEHASHI’s existing products to the new common identity infrastructure.

Furthermore, by outsourcing ongoing maintenance of OAuth/OIDC implementations to keep up with evolving standards, KAKEHASHI eliminated the need for in-house experts on those standards, thereby reducing infrastructure maintenance costs.

Comment from Kosui Iwasa, Tech Lead, Authentication and Authorization Infrastructure Team, KAKEHASHI Inc.

“Offloading the implementation and operation of OAuth and OIDC to Authlete made it possible to achieve high availability and security consistently. Also, by centralizing the identity infrastructure built on open standards, we’ve significantly reduced the cost of implementing user authentication. Our product teams can now focus on delivering core value and business logic. We’ll continue improving our common identity infrastructure to meet each product’s requirements flexibly."

Read more customer success stories here.