The road to the C, paved with B2B
The diversity of identity types that are managed in IAM platforms is evolving.
Where managing employees and customers has become well adapted, thereâs also an important group of users with more complex requirements in between: the business partners. Imagine contractors, agents, brokers and dealers; all involving specific processes, lifecycle, interactions and relationships.
In practice, B2B IAM can focus on both B2B2B (business-to-business-to-business) or B2B2C (business-to-business-to-consumer) interactions. What these interactions have in common, is that a layer of intermediaries needs to be serviced, with advanced registration and delegation capabilities, but also with consumer-friendly options such as consent management and CRM integrations.
The main business benefits of B2B IAM
We distinguish three major benefits for organisations using B2B Identity & Access Management:
1. Efficiency
For most companies, the key challenge in B2B IAM is to build a unified identity platform and get rid of identity silos where multiple identity stores use multiple applications. Eventually, this will result in improved productivity, security, governance, compliance and monitoring.
2. Reducing costs and revenue growth
When designing an identity solution, it is important to separate customers, B2B customers and workforce, because they all have their own requirements. The traditional goal of B2B IAM is to reduce the risk and costs that result from onboarding and offboarding partners, B2B customers and suppliers. But B2B IAM can also contribute to revenue growth by improving the B2B customer journey and by leveraging identity data to build trusted relationships with B2B customers.
3. User convenience
Large organisations in your B2B community can benefit from federated access. The iWelcome B2B IAM solution enables multiple types of federation, allowing a large number of users from the partner organisation to access your services using their own company ID. This âbring your own IDâ policy minimises administrative overhead and security issues related to synchronisation of identities and passwords. On the B2B customer side, âbringing your own IDâ allows users to benefit from federated authentication with one single sign-on solution.
iWelcome's key B2B IAM features
iWelcome's B2B IAM solution contains 8 fundamental components as shown in the image and explained below.
B2B IAM features in detail
The best way for companies to deeply engage with their end-users â while being compliant to GDPR â is to set up a self-service domain where consumers can view and change their own personal data settings themselves.
iWelcomeâs user-service functionality enables consumers and employees to access and change profile information and data attributes, add social login connects, request additional access, do password resets, give or withdraw consent, and much more. All 24/7.
User Self Service empowers the end-users to manage everything around their Identity, full stop. It will give them trust and control. GDPR itself also dictates the Right of Information and Access for the consumer.
User Self Service is, with consent management, âšnecessary for
Client Benefits
- Fully in line with GDPR.
- Available through branded UI and APIs.
- User access to all functions and attributes.
- Enable Consent, Profile, Preference management.
- User control for DIY.
The key to being successful is to offer frictionless user experiences with the right levels of authentication.
- Single Sign-On allowing (end-)users to log in only once for access to multiple applications and/or services;
- Multi-factor authentication based on the best industry standards Included push & swipe option for optimal customer experience or OTP via SMS or email;
- Risk-based authentication allowing for real-time risk assessments based on certain parameters, to be configured per client;
- Step-up authentication allowing for different levels of authentication required for different parts of your offering.
Client benefits
- One Log-in for frictionless customer experience;
- Customer-friendly yet strong MFA;
- Add real-time âcontextâ to
user profile; - Strongest authentication applied only when required;
- Authentication is decoupled from actual service.
Among others, the following scenarios are supported:
- User registration by delegated admin via a simple web-portal for (temporary) accounts;
- Administration (e.g. disable, delete, etc.) by
delegated admin of temporary accounts; - Delegated users/Guests can set and activate their own password via the self-service portal;
- Delegated users/Guests can reset or change their password via the self-service portal in case the password has been lost.
Client benefits
- Delegated users can (re)set/activate/change passwords;
- Available via customer-branded UI or RESTful API.
To facilitate its clientsâ customer care management, iWelcome offers a Service Desk application that is tailor-made for customer care and service desk operating teams. It provides these teams with all of the functionality needed to effectively help (end-)users with any access-related issues that may arise. The application is highly scalable as it is designed for serving large enterprises serving millions of users.
Client benefits:
- Ability to quickly search users.
- Full view of all identity-related information.
- User timeline showing all relevant identity-related events.
- Password reset initiation.
- Overview of service disruptions to troubleshoot issues.
- Can easily be integrated into other customer care system(s).
Provisioning refers to the creation, maintenance
The iWelcome platform provisions and de-provisionsâ user accounts and attributes from multiple source systems (e.g. CRM, HR or any other identity stores like Active Directory, Windows Azure Active Directory, Identity Management Systems, and/or Master Data Management) and/or LDAP directories to business applications (relying parties). Provisioning of groups can be arranged via both push and pull mechanisms.
Client benefits
- Automated & efficient provisioning processes.
- Group provisioning on
pull - and push basis. - Supports open source frameworks as ConnID.
- Standard connectors or API- and SCIM-based.
An interesting case within Identity & Access Management is when (mainly large) companies own different brands (and thus: market identities). With its multi-branding functionality, iWelcome is perfectly able to support these companies with one single identity infrastructure over multiple brands, while maintaining each brandâs own identity (and thus look&feel). This typically results in consistent corporate management and lower TCO.
Client benefits
- Segmentation options over brands.
- Multi-branding with single 360
view of the (end-)user. - Omni-channel by design & principle.
- Delegation within brands.
Todayâs user experience is driven by
Client benefits
- Metadata for every attribute (like validation level, data classification, expiration date).
- Federation protocol and/or Rest API data exchange with customer environment.
- Bi-directional data exchange.
- Admin-UI to set UI attributes and/or disclosed by API.
Customer identity information is more than interesting for every companyâs marketing and sales
Via iWelcome, companies can easily extract complete and correct user intelligence. The following (and more) types of intelligence can be extracted:
Number of accounts, per attributeand / or preference.- Number of authentications, per geo / device/ browser / time.
- Accounts with latest login and number of dormitory accounts.
Number of new account perperiod / category / geo- Failed authentication attempts.
Client benefits
- Integrated with main CRM and MA providers.
- Logs are stored in secure locations.
- Possibility to run reports at all times.
- Multiple formats available for extracting.
- ELK (ElasticSearch, Logstash, Kibana) stack is supported.
