As the digital economy continues to expand, customer expectations are higher than ever. Providing an optimal user experience (UX) is now business-critical for gaining a competitive advantage. Yet according to a new NTT Ltd. report many organisations are getting this wrong. In fact, worryingly, only 5% of companies in Europe have stated that they are currently delivering a fully functioning customer experience (CX).

Providing streamlined and secure experiences is crucial for ensuring customers interact with organisations’ online apps and services on a regular basis – whether those are B2B, B2C or G2C. For such services to exist, businesses need to consider a number of fundamental elements. How will users confirm who they are when they register and log in to a service? How are those identities then verified? And which parts of the service do they need access to? These factors have very specific identity and access management (IAM) requirements – and failing to deliver on them can have very negative consequences for any brand.

Alongside providing a seamless UX, digital marketers and CX professionals will also be hyper aware that security is paramount for building customer trust. A lack of robust identity practices has the potential to lead to a data breach as a result of employee-led error or malicious actors targeting a service via vulnerable access points.

Workforce, or employee, IAM, however, is not designed to be customer facing at scale. Employees have little choice but to use whatever systems are mandated by the IT team, and they will then receive training on the business system in question. Customers, on the other hand, do have a choice, and will quickly turn to a company’s competitors, or physical point of service in public sector cases, in the case of a poor experience with an application.

Appropriate balancing of security and UX is a fine art, which is why more organisations are turning to the relatively new subset of IAM known as customer identity and access management (CIAM) – a category of IAM specifically focused around managing the identities of external users such as customers and partners. Here are some examples of CIAM tools and their benefits.

Multi-factor authentication (MFA) 

Through implementing MFA or 2 factor authentication (2FA), organisations are able to take a layered approach to identity. This requires users to verify their identity with more than one authentication method – most often with something a customer knows such as a password and something they have such as a mobile device. MFA allows businesses to boost the security of their apps significantly: even if a potential hacker was able to get through one authentication barrier, for example, it would be highly unlikely that they would be able to get through two.

While it is a necessity for safeguarding sensitive customer data, the complexity and cost for customers to successfully use MFA has impacted adoption. Technological advances, however, have meant that MFA no longer jeopardises the CX of an app. As MFA fast becomes the gold standard across services, then, users are becoming increasingly accustomed to the practice and understanding why it is in place.

That said, there are three key ways marketers can implement seamless MFA experiences. Firstly, replacing passwords in favour of stronger, more convenient authentication options (such as an existing verified identity credential) removes the burden of asking the customer to remember yet another set of credentials. Secondly, it is important to ensure authentication methods are appropriate for the target audience and level of data sensitivity. A social login (e.g. 'sign in using Facebook') is not as strong as a verified identity such as a bank ID, but when they are used together to “step-up” the level of authentication when the transaction necessitates, the solution will combine a good user experience with appropriate levels of authentication at the appropriate time

Lastly, allowing customers to choose the authentication method that suits them best is an effective method for ensuring an optimum CX. In most cases, users will likely select to authenticate the identities they already own, a trend that is also known as BYOID (bring your own identity).

Self-service account management

Customers want to manage their own identity credentials and detail at any time of day, from any place. To enable them to do so, a core feature of CIAM is self-service account management. This tool allows users to manage their own password resets, consent and communication preferences. Self-service account management not only improves UX, but also has significant cost savings for a business. According to Forrester, for example, a single manual password reset is incredibly expensive, costing an organisation over £50 each time. By giving companies the ability to skip this step in allowing users to reset passwords themselves or using third party identity providers, identity solutions can cut costs significantly.

When deploying self-service account management, linking it to the organisation’s customer relationship management (CRM) system is vital. This way, companies can increase the accuracy of their data across systems and put customers in control of preferences to help with GDPR compliance. Overall, this allows for better planning around marketing, CX and personalisation of services.

Single sign-on (SSO) 

A core CX and security asset, SSO means users only need one set of credentials to verify their identity, rather than having a separate log in for each application.

Through integrating SSO into an application, customers and partners can sign into an organisation’s web application once, to then automatically be logged in to all connected services and applications that they have the right to access. A primary example of effectively implemented SSO is a Google account. Once logged in, an individual isn’t required to repeatedly sign in to access the Mail, Drive and Analytics services – any application that the user has defined privileges.


Federation allows organisations to build links between their own services and external third party services.

This allows businesses to raise awareness of their brand through federated third party services. In addition, if an organisation already invests in strong Know Your Customer (KYC) assurance practices for onboarding their own customers (much like telco providers and banks), then there is potential to create new revenue streams via other organisations benefiting from these verified identities for their own applications.

What’s more, allowing SSO to other federated services is a crucial win for CX as it removes the frustrations that arise with customers having different credentials for multiple applications and services.

Delegated Authority

Delegated Authority is a solution designed to enable either individual or organisation users to simply delegate the right to use digital services on their behalf in B2B, B2C and B2B2C applications. It is extremely beneficial as it digitalises otherwise admin-heavy ways of granting account access.

There are a few key ways that digitising delegation processes can make a considerable difference to an organisation’s identity management practices. When it comes to B2B services, for example, it means that third party suppliers and partners can access a service seamlessly and, importantly, securely. Insufficient identity measures here can lead to data breaches, which can have damaging consequences to brand reputation.

Using delegated authority for B2C services allows customers to delegate allowances within family contracts, for instance. And a B2B2C use case example would be businesses outsourcing corporate tax admin to another company, allowing them to delegate access within their own company to avoid time-intensive manual workflows.

Guaranteeing secure and seamless experiences

Ultimately, investing in CIAM can generate significant ROI when leveraged correctly. By prioritising the customer in IAM, CIAM tools ensure that users interacting with an organisation’s apps and services are receiving an optimal CX – creating a unique competitor business differentiator as a result.
Most importantly, prioritising identity management means that marketers and the wider business can promise that the ID data of customers is being protected and managed in the most efficient way possible.

By Simon Wood, CEO, Ubisecure

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus