Quite a few of the Ubisecure blog posts have recently been about projects we are participating in, technology deep dives or GDPR. Time to take a step back, return to the basics and look at the fundamental features and benefits of Customer Identity and Access Management for your organisation.
The Customer part of CIAM
If you are wondering about the basics of Identity and Access Management, please read this blog first. Customer IAM is a subcategory of Identity and Access Management. CIAM solutions concentrate on external users, those users who generate revenue for your company. The main emphasis is on managing customer identities, but CIAM solutions work equally well with other types of external stakeholders: partners, contractors, shareholders, value chain members etc. Sometimes you see the CIAM acronym associated with Consumer IAM, which is a subcategory of Customer IAM – it omits the B2B or G2B cases altogether.
Identity and Access Management solutions have been around for a long time. One of their main goals from day one has been to reduce the number of identities a user has, or allow single sign-on between services (and hiding the fact that there could be multiple identities involved). Consider the online applications your external users utilise. How many applications do you have? Is your organisation serving both consumer and business customers or partners? Do external contractors / consultants access your online applications? Do you offer collaboration spaces?
The goal of a CIAM solution, and one of the key benefits of Customer Identity and Access Management, is to enable your external user to use a single identity to access various online applications, regardless of what business line they belong to, or for whom they are intended. You might wonder right now – how’s that possible? Quite simple really. For each different application, the user has a different role (authorisation) that describes what they can do within the application. Without a proper role (authorisation), the user cannot access the service.
What does this mean to your organisation? If you have more than one application for your external users, and especially if you cater to both consumer and business customers, you should recognise these facts about CIAM:
- Convenience for your external users as they can utilise a single identity to access all applications they are authorised to use
- Cost reduction in maintenance and overhead through consolidation to a single identity solution
- Very helpful when you consider privacy regulation such as the GDPR (single identity vs multiple identities)
Know Your Customer – Outsource
The KYC principle is very strong in some industries. You cannot be a bank without properly knowing your customers. KYC is much more than just a regulatory requirement, though. Knowing your customer helps you serve them better. It’s frustrating for both your employees and the customer’s personnel when e.g. your sales reps are calling completely the wrong people. Inefficiency is the result when you don’t have valid, up-to-date data on your customers.
How can you overcome this problem efficiently? CRM systems have been around for ages. Yet, each year on average 20-30% of the customer data goes bad. The very simple reason for this is that your employees do not have visibility into the external organisation, and even though your marketers and sales personnel try to keep up with the constant change, they just can’t do it efficiently. The answer – outsource the management of these external identities to the external organisation.
Some CIAM solutions (like ours – surprise surprise) are built to enable something called tiered delegated management of (external) identities. Let’s take the term apart, starting with “tiered”:
- The tiered structure means that at the top you have your own authoritative source / resource. It can be your CRM contract data, a sales manager, a customer representative, or a mix of these kinds of sources. The next tier is the external organisation and a named employee of that organisation. The third tier is another employee of the external organisation. The fourth tier could be an organisation unknown to you, but related to the external organisation you know (your customer).
- By delegation you authorise the external organisation & named person within that organisation to manage their own identities (that are used to access your online services). The basic assumption is that the named person then invites employees from his own organisation to use your online services, and authorises them properly through roles. A role can also be delegated to an unknown (to you) organisation to represent the external organisation in your online services.
Still with me? In a nutshell, CIAM allows you to outsource the management of identity and authorisation information to the external organisation. What does this mean then?
- Vastly improved data accuracy as your customers are managing the information themselves
- Through accurate data your sales and marketing efficiency will improve
- Very helpful for GDPR when your customers (consumer or business) can manage their own identity and authorisation information through self-service workflows
+ Added bonus: As this process is almost always tied to the information stored within your CRM, all access privileges for each and every employee (of your customer) or authorised third party will cease at the very same moment when the contract information within the CRM expires (the external organisation is no longer your customer). A very good feature for risk mitigation.
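The tiered delegation and contract-expiry behaviour described above can be modelled as a chain of grants that is re-validated up to the top tier on every access check. This is an added example, not Ubisecure’s implementation: the `Grant` and `Directory` names, the sample identities and dates, and the rule that a delegator can only pass on a role it validly holds are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass
class Grant:
    user: str               # identity holding the role
    org: str                # customer organisation the role is exercised for
    app: str
    role: str
    issuer: Optional[str]   # who delegated it; None = tier 1, your own authoritative source
    may_delegate: bool = False
    revoked: bool = False

class Directory:
    def __init__(self, contracts):
        self.contracts = contracts      # org -> contract end date (stand-in for CRM data)
        self.grants = []

    def _find(self, user, org, app, role):
        key = (user, org, app, role)
        return next((g for g in self.grants if (g.user, g.org, g.app, g.role) == key), None)

    def is_authorised(self, user, org, app, role, today):
        end = self.contracts.get(org)
        if end is None or today > end:  # expired contract ends every tier at once
            return False
        leaf, seen = True, set()
        while user is not None:         # walk the chain up to tier 1
            g = self._find(user, org, app, role)
            if g is None or g.revoked or user in seen or not (leaf or g.may_delegate):
                return False
            seen.add(user)
            user, leaf = g.issuer, False
        return True

    def delegate(self, issuer, user, org, app, role, today, may_delegate=False):
        if issuer is not None:          # lower tiers can only pass on a role they validly hold
            held = self._find(issuer, org, app, role)
            if not (held and held.may_delegate and self.is_authorised(issuer, org, app, role, today)):
                raise PermissionError(f"{issuer} may not delegate {role} on {app}")
        self.grants.append(Grant(user, org, app, role, issuer, may_delegate))

def build_sample(today=date(2025, 6, 1)):
    # Constructed data: one customer contract and a four-tier chain.
    d = Directory({"acme": date(2025, 12, 31)})
    d.delegate(None, "alice@acme.example", "acme", "portal", "orderer", today, may_delegate=True)
    d.delegate("alice@acme.example", "bob@acme.example", "acme", "portal", "orderer", today, may_delegate=True)
    d.delegate("bob@acme.example", "dave@bookkeeper.example", "acme", "portal", "orderer", today)
    return d
```

Because validity is computed from the chain rather than copied into each account, revoking one delegator or letting the contract lapse removes access for everyone below without touching their individual records.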
Not Another Password
A basic functionality requirement, and one of the nice benefits of a Customer Identity and Access Management solution, is support for various (external & internal) authentication technologies and protocols. Your customers already have a working authentication credential. Allow them to use that. Do not require them to create yet another password for your services. When a CIAM solution provides support for third party authentication methods / digital identities, your customers can bring their own identity.
- Consumers love this as it allows for quicker registration (conversion) and ease of use (returning customer). The result? Increased revenue.
- Business customers will be extremely happy when they can single sign-on to your services from their own corporate network. Just ask yourself a question: How many passwords do you have to external online services you use daily in your work? Are all your passwords complex (or phrases) and unique per service?
These were just the first few features that a good CIAM solution should have. If these stirred something inside you, or you realised that I’ve just described at least one of your pains, we’d love to hear more from you.