In 2018, J.B. Hunt, a Fortune 500 company founded over 60 years ago, began a multi-year journey to transform internal software written for employees into an externally available SaaS offering to be used with or without our own transportation assets. We have since added external customers with revenue in the millions of dollars. This session shares our experience, challenges, and design choices from selection of an open-source IAM product to building a multi-tenant platform on top of it. Specific points include architecture of the platform including users, organizations, and applications, use of an open source product (Keycloak) for customer IAM, federating with customer identity providers, distributing security administration for scale, use of passkeys and MFA, and combating fraud.