CIAM, foundation for digital business

The digital revolution took hold more rapidly than anyone could have imagined. In order to survive – let alone thrive – in today’s environment, organisations must embrace a fully digital mindset. They need to provide consumers with frictionless access to their services from anywhere, anytime and any device.

As acknowledged by Gartner, Consumer Identity and Access Management (or: CIAM) is a core discipline to support digital business initiatives. With CIAM, organisations can provide customers with a single digital identity for instant access to online applications and services, while at the same time complying with legislative requirements such as GDPR. On the long term, this will enhance the relationship with customers, adding trust to the package.

Thieme

Why is CIAM so important?

The demand for fast, easy access to services through multichannel interactions can expose gaps and inefficiencies in consumer-facing processes. These gaps are often the result of disparate processes for different lines of business. Or they are caused by the use of regular Identity & Access Management (IAM) implementations that were initially designed to support IAM for employees; these implementations are either not designed to be resilient to change, or do not support multi-stepped and multi-faceted customer journeys.

The very nature of the products and services that digital organisations offer to consumers presents several critical challenges (see image below):

CIAM infographic-p1

1. Different login and information experiences across a variety of services and devices

Providing different user apps and/or portals to access different services creates friction as consumers need multiple log-ins for interacting with one single organisation.

2. The ability for consumers to view, edit, download and delete their data

To empower the consumer and with GDPR in full force, organisations must provide consumers with easy access to their data allowing them to edit, delete and download it at any point in time. Not only do most organisations lack such an overview, the data is often stored in multiple back-end systems making it virtually impossible to extract the data at all... leaving alone the costs associated with it.

3. Proof of GDPR compliancy across all systems

With consumer data being stored and managed in different back-end systems, GDPR auditors face a difficult and labour-intensive task. Proving GDPR compliancy requires extracting data manually from a number of different back- end systems.

4. High back-end complexity which leads to high Total Cost of Ownership

Each back-end system needs the appropriate levels of security and IAM capabilities to manage access and consumer data the right way. This is both complex and highly expensive.

Maximise flexibility and privacy with CIAM

CIAM (or: Consumer IAM) is designed to meet all requirements to compete in today's fast-changing, multi-channel business environment by allowing organisations to. By collecting and storing all consumer identity data in one platform, organisations and consumers reap a variety of benefits (see overview below):

CIAM infographic-p4

1. One frictionless experience across all channels
With CIAM capabilities such as easy registration, social login and Single Sign-On (SSO), organisations can offer their consumers one single experience across all channels. All identity data is transferred and stored safely in a single platform.

2. The ability to view and edit data settings and preferences
As required by privacy regulations like GDPR, consumers can view, edit and delete their data, either via a branded portal solution or in the organisation’s own portal environment (via iWelcome’s RESTful APIs). Moreover, consumers can easily download an extract of their data (in GDPR referred to as ‘data portability’).

3. Large efficiency gains for internal processes and stakeholders
In many organisations, personal data is stored and managed in different applications or systems. This is inconvenient for multiple stakeholders within an organisation. With all data stored and managed in one CIAM platform, organisations can create one 360-view of their consumers. This helps marketing & sales for cross- and up-selling, customer care can provide better support and compliance officers can gather all required consumer identity data from one single source.

4. Lower IT costs by taking away IAM complexity from different back end systems
A single, centralised CIAM platform eliminates the complexity of managing different data systems for different services, which significantly decreases IT costs.

iWelcome's key CIAM features

A comprehensive and flexible Consumer IAM platform serves consumers, marketeers, IT, security- and data-privacy officers. iWelcome's functionality in twelve fundamental components is shown in the image below.

CIAM

CIAM features explained in detail

(Social) Registration

Companies are increasingly focused on offering their customers frictionless experiences. The customer registration process is vital herein as it can either be a facilitator or a bottleneck for customers to proceed. The paradigm here is that it should be as easy as possible, yet highly secure.

iWelcome unburdens organisations by offering three types of registration each of which offered via APIs or customer-branded UI:

Standard Registration with a set of mandatory and optional fields; validation is done via email (and optionally SMS);
Social Registration reduces the registration effort by removing the need for consumers to use usernames and passwords allowing them to engage more easily and quickly, using their existing social media identity. iWelcome is the only provider to offer this in a GDPR-compliant manner;
Flexible Registration and Activation allows clients to configure workflows with certain software components supporting a wide set of registration use cases.

Client benefits

Identity matching via RESTful API / Web service;
Multiple registration and login options;
Support for all standard federation protocols;
Customised registration process using BPMN 2.0;
Account linkage with smart matching.

Consent Lifecycle Management

In addition to providing consent confirmation, GDPR requires organisations to implement a detailed approach to Consent Lifecycle Management. Not only should consumers be asked for consent in all situations where there is no contractual basis, organisations must also be able to demonstrate that a consumer has consented to any form of processing of his or her personal data, and for which purpose(s). Additionally, the consumer should be able to withdraw consent at any time, just as easily as it was given. In conclusion: consent is not a unique event; it must have a lifecycle in order to build trusted relationships. The right Consumer IAM solution will provide all of these capabilities.

User Self Service

The best way for companies to deeply engage with their end-users – while being compliant to GDPR – is to set up a self-service domain where consumers can view and change their own personal data settings themselves.

iWelcome’s user-service functionality enables consumers and employees to access and change profile information and data attributes, add social login connects, request additional access, do password resets, give or withdraw consent, and much more. All 24/7.

User Self Service empowers the end-users to manage everything around their Identity, full stop. It will give them trust and control. GDPR itself also dictates the Right of Information and Access for the consumer.

User Self Service is, with consent management,  necessary for User Managed Access (UMA).

Client Benefits

Fully in line with GDPR.
Available through branded UI and APIs.
User access to all functions and attributes.
Enable Consent, Profile, Preference management.
User control for DIY.

Single Sign-On (SSO), (Strong) Authentication & Federation

The key to being successful is to offer frictionless user experiences with the right levels of authentication.

iWelcome offers the following capabilities:

Single Sign-On allowing (end-)users to log in only once for access to multiple applications and/or services;
Multi-factor authentication based on the best industry standards Included push & swipe option for optimal customer experience or OTP via SMS or email;
Risk-based authentication allowing for real-time risk assessments based on certain parameters, to be configured per client;
Step-up authentication allowing for different levels of authentication required for different parts of your offering.

Client benefits

One Log-in for frictionless customer experience;
Customer-friendly yet strong MFA;
Add real-time ‘context’ to user profile;
Strongest authentication applied only when required;
Authentication is decoupled from actual service.

Identity Validation & Proofing

iWelcome’s identity validation allows companies to make sure a digital identity can be associated with a real person. Validated Identities enable high value and high-risk transactions on data to take place over the web. It is key for full digital transformation. iWelcomes can integrate with providers of identity validation (e.g. WebID) and digital alternatives (e.g. IDIN in NL or GOV.UK in UK).

Identity Proofing is about assessing the probability an identity claim is legitimate, as there is no such thing as absolute certainty.

Client Benefits

Increase trustworthiness of an identity;
Decreased risk on fraud;
Multiple identification means available;
Support for STORK levels of assurance.

User Management (including delegated features)

iWelcome offers multi-level user management functionality that can be used to add users and groups and to assign users to groups. Delegation of user management is supported on several levels, where at every level a user manager can be assigned the role of delegated admin.

Among others, the following scenarios are supported:

User registration by delegated admin via a simple web-portal for (temporary) accounts;
Administration (e.g. disable, delete, etc.) by delegated admin of temporary accounts;
Delegated users/Guests can set and activate their own password via the self-service portal;
Delegated users/Guests can reset or change their password via the self-service portal in case the password has been lost.

Client benefits

Delegated users can (re)set/activate/change passwords;
Available via customer-branded UI or RESTful API.

Service Desk

To facilitate its clients’ customer care management, iWelcome offers a Service Desk application that is tailor-made for customer care and service desk operating teams. It provides these teams with all of the functionality needed to effectively help (end-)users with any access-related issues that may arise. The application is highly scalable as it is designed for serving large enterprises serving millions of users.

Client benefits:

Ability to quickly search users.
Full view of all identity-related information.
User timeline showing all relevant identity-related events.
Password reset initiation.
Overview of service disruptions to troubleshoot issues.
Can easily be integrated into other customer care system(s).

Provisioning

Provisioning refers to the creation, maintenance and deactivation of user objects and user attributes over multiple systems and applications allowing these to interact with business logic.

The iWelcome platform provisions and de-provisions’ user accounts and attributes from multiple source systems (e.g. CRM, HR or any other identity stores like Active Directory, Windows Azure Active Directory, Identity Management Systems, and/or Master Data Management) and/or LDAP directories to business applications (relying parties). Provisioning of groups can be arranged via both push and pull mechanisms.

Client benefits

Automated & efficient provisioning processes.
Group provisioning on pull- and push basis.
Supports open source frameworks as ConnID.
Standard connectors or API- and SCIM-based.

Multi-branding & Omni Channel

An interesting case within Identity & Access Management is when (mainly large) companies own different brands (and thus: market identities). With its multi-branding functionality, iWelcome is perfectly able to support these companies with one single identity infrastructure over multiple brands, while maintaining each brand’s own identity (and thus look&feel). This typically results in consistent corporate management and lower TCO.

Client benefits

Segmentation options over brands.
Multi-branding with single 360 view of the (end-)user.
Omni-channel by design & principle.
Delegation within brands.

Attribute Flexibility

Today’s user experience is driven by user’s characteristics, also known as data attributes. As no business is the same, there is a strong need for valuable identity-related attribute information (ranging from relationship number till for instance the consumer’s shoe size). Attribute-Based Access Control (ABAC) and UMA are the future, with attributes as the fundament.

iWelcome offers organisations flexibility when it comes to gathering data attributes.

Client benefits

Metadata for every attribute (like validation level, data classification, expiration date).
Federation protocol and/or Rest API data exchange with customer environment.
Bi-directional data exchange.
Admin-UI to set UI attributes and/or disclosed by API.

KYC, profiling & auditing

Know Your Customer (KYC) is the process of identifying and verifying the identity of its consumers and business partners. This functionality is to ensure that company resources are not misused for criminal activities as money laundering.

iWelcome’s progressive profiling helps organisations build profile information over time as the consumer’s trust increases. This unified profile of the consumer is important for any marketing or segmentation toward consumers, creating value.   Identity Data is the heart of a CIAM program!

Client benefits

Increased trustworthiness of an identity.
Decreased risk of fraud.
Multiple identification means available.

Marketing Analytics & Intelligence

Customer identity information is more than interesting for every company’s marketing and sales organisation as it provides clear insights into your user population.

Via iWelcome, companies can easily extract complete and correct user intelligence. The following (and more) types of intelligence can be extracted:

Number of accounts, per attribute and / or preference.
Number of authentications, per geo / device/ browser / time.
Accounts with latest login and number of dormitory accounts.
Number of new account per period / category / geo.
Failed authentication attempts.

Client benefits

Integrated with main CRM and MA providers.
Logs are stored in secure locations.
Possibility to run reports at all times.
Multiple formats available for extracting.
ELK (ElasticSearch, Logstash, Kibana) stack is supported.

Consumer IAM & GDPR compliance

On 25 May 2018, the General Data Protection Regulation (GDPR) came in full force for all organisations that control and/or process personal data of EU citizens. With little time left on the clock, there is no time to waste for organisations that process or control personal data.

For a large part, GDPR is about how organisations gather, store, protect and manage the lifecycle of that data. And that is exactly where Consumer Identity & Access Management (CIAM) solutions fit in.

It is important to emphasise that not all requirements set by GDPR apply to CIAM. Think of important elements as the appointment of a Digital Privacy Officer (DPO), employee awareness training and the set-up of a Privacy policy.

Instead, at iWelcome we have identified eight important GDPR topics organisations must address with IAM to be GDPR compliant.

Consumer IAM blogs

#CONSENT – The state of adoption and how to beat competition

Triggered by GDPR, ePrivacy and PSD2 regulation, consultants and vendors have been throwing #Consent on us in all their social media messages. But what is really being done and...

gdpr consent

iWelcome Stories | Single Sign-On

In a new series of short videos, iWelcome's team members shed their lights on relevant industry topics in Consumer Identity & Access Management (or: Consumer IAM). This week's...

single sign on

The best way to store your passwords

Online passwords are the most commonly used way to prove your identity when using websites, email accounts and even the devices we all use on a daily basis. In my previous...
Passwords

Single Sign-On for controlled user experiences

In this blog, Arie Timmerman, Technical Consultant at iWelcome, shares some interesting thoughts on Single Sign-On: “Yes, it improves user experiences but there is no...

single sign on

iWelcome Stories | The importance of Consent and ePrivacy regulation

In a new series of short videos, iWelcome's team members shed their lights on relevant industry topics in Consumer Identity & Access Management (or: Consumer IAM). This week's...

manage identities

Get your CIAM toolset

Learn what analysts say

Get CIAM Insurer toolset

Get CIAM RfP questions

Learn what analysts say

Read our latest blog

CIAM, foundation for digital business

Why is CIAM so important?

Maximise flexibility and privacy with CIAM

iWelcome's key CIAM features

CIAM features explained in detail

(Social) Registration

Consent Lifecycle Management

User Self Service

Single Sign-On (SSO), (Strong) Authentication & Federation

Identity Validation & Proofing

User Management (including delegated features)

Service Desk

Provisioning

Multi-branding & Omni Channel

Attribute Flexibility

KYC, profiling & auditing

Marketing Analytics & Intelligence

Consumer IAM & GDPR compliance

Consumer IAM blogs

#CONSENT – The state of adoption and how to beat competition

iWelcome Stories | Single Sign-On

The best way to store your passwords

Single Sign-On for controlled user experiences

iWelcome Stories | The importance of Consent and ePrivacy regulation