How Napkin AI became enterprise ready on Firebase with Scalekit
Before
- Napkin used Firebase Authentication and did not want to refactor their stack
- Enterprise prospects required Microsoft Entra ID and Okta SSO integrations
- Building and maintaining SAML or OIDC flows in house would have slowed product momentum
- They needed a solution that worked cleanly inside Firebase and scaled across multiple customers
After
- Napkin integrated Entra ID and Okta via Scalekit while keeping Firebase as core auth
- Both SP initiated and IdP initiated SSO flows worked without custom Firebase changes
- The first enterprise partner went live through an async rollout with fast support when needed
- Napkin now has a repeatable enterprise SSO foundation to expand to more customers
.png)
Napkin lets anyone communicate ideas visually by transforming text into crisp, customizable visuals that drop straight into where teams work, from Docs and Slides to Canva, Slack, and Microsoft Office. As usage spread across companies, Napkin started pushing into enterprise, where scaling visual storytelling also meant meeting stricter identity, IT, and compliance expectations.
There was just one catch. The product already relied on Firebase Authentication. It was stable, deeply embedded in their product, and not something they wanted to replace just to satisfy an enterprise checkbox. Rebuilding auth or maintaining SAML and OIDC connections in house would have slowed the roadmap considerably. The team needed a way to add enterprise SSO while keeping Firebase as the core auth system their app was built around.
The solution Napkin AI needed
Scalekit fit that need cleanly. Instead of forcing a new stack, Scalekit plugged into Firebase as an OpenID Connect provider. Firebase treats Scalekit like any other OIDC identity provider. When an enterprise user signs in, the flow routes through Scalekit to the customer’s IdP such as Entra ID or Okta, then returns the user back into Napkin AI already authenticated in Firebase. This let Napkin introduce enterprise SSO without rewriting their existing auth logic.
In the live setup, Scalekit acts as an OIDC provider to Firebase. When a user signs in, authentication flows through Scalekit to the customer’s identity provider, and the user is routed back into the app fully authenticated. Napkin AI was able to support both service provider initiated sign in from within the product and IdP initiated access from portals like Entra ID or Okta, without adding custom complexity to Firebase.
Another key part of the rollout was how smoothly it progressed even without synchronous support. Erwan was travelling and could not jump on a call soon, so the integration moved forward largely asynchronously. Even then, progress did not stall. The docs were clear enough for Napkin AI to keep implementation moving on their own, and when a real configuration edge case surfaced during the first partner setup, Scalekit investigated quickly and shipped a fix. That kept go live on track and gave Napkin AI confidence that enterprise onboarding would stay predictable as they expanded SSO to more customers.
Results with Scalekit
With Scalekit, Napkin was able to:
- Add enterprise SSO to Firebase without refactoring core auth
- Support Microsoft Entra ID and Okta out of the box
- Enable IdP initiated and SP initiated SSO flows for enterprise users
- Go live with their first enterprise partner through an async rollout
- Establish a repeatable SSO foundation to expand across future enterprise customers
Why Scalekit?
- Developer first Firebase integration. OIDC drop in inside Firebase, no stack rewrite.
- Enterprise IdP coverage. Entra ID, Okta, and other major IdPs supported out of the box.
- Async friendly support. Clear docs plus fast fixes kept momentum high even without calls.
- Built to scale. One integration that works across many enterprise customers.\
