Customer experience is the driving force behind significant technical innovation in a number of industries. Vendors want to offer delightful experiences for their customers and keep them coming back in a highly competitive market. Too much friction or too many clicks and steps is a major turn off for customers who want simplicity and efficiency. At the same time, if customers hand over sensitive information, like credit card details or home address, they want to feel secure that this information will be handled with care.
Vendors must meet this duality of desire and deliver seamless and secure customer journeys.
Identity and Access Management (IAM) technologies are at the heart of this puzzle. IAM is an often forgotten enabler of products and applications and is the first digital interaction a customer has with a company. This is manifested in the sign-on or authentication process, when a user is identified as a known and trusted user. Not so obvious to the user is what happens when this first identification step is over. Then the process of determining what access levels this identified user is allowed. This step, the authorization step, is mostly hidden from the user until the user finds out that something is “broken” e.g. access is denied or too much access is revealed.
Although hidden, this is a crucial enabler of both security and customer experience.
Both of these very present perspectives put strong demands on the IAM infrastructure to be able to handle modern use cases. Traditional IAM solutions can buckle under the strain of streamlined and secure digital business journeys, however more modern approaches are built for it.
Broadening our understanding and use of access management and identity data can present an untapped opportunity for businesses, not only providing security but value.
A way around this challenge for app developers, has been to build authorization logic directly into the applications themselves and close to the data that the applications use. This is especially common with customer-facing applications. While this might make sense to an application developer, it makes enterprise-level access control extremely difficult and costly to manage, maintain and govern.
Beyond these challenges, and perhaps more importantly, it also creates challenges for customer experiences when the customer uses more than one application offered by the company. Customers may experience inconsistencies and have to re-enter information, reauthenticate, re-verify, etc. rather than a single connected experience.
Externalized authorization drives better customer experience
The solution to this problem, both for application developers and the enterprise as whole, is to externalize authorization decisions from the application logic and allow for applications and services to consume a centralized authorization service. This becomes particularly powerful when leveraging a fine grained authorization approach.
This not only enables simpler more efficient management and greater overview of your application security, but it also has significant implications for the customer, delivering a consistent and seamless experience across your suite of products and applications. The granularity of the solution also equips developers with the flexibility and control they need to design a seamless journey for the customer.
With an authorization engine built on a connected data model (where you can leverage data relationships as well as attributes in your access policy), you can design new customer experiences that extend your services.
One example is delegated authorization, whereby a user could delegate a controlled payment process between a parent and a child within a retailer’s loyalty program. To facilitate this, the delegation relationship can be defined in the data and implemented in the underlying Knowledge Graph, along with the data that represents the supporting relationships.
You can also design experiences that reach beyond the bounds of your brand by leveraging fine-grained access control to collect user consent for sharing data with a partner. For example, a hotel may want to offer their guests a discount with their partner e-scooter company. The customer could access the benefit without having to interact with the scooter company, download a new app or input all their data to activate the offer.
These use cases are just the tip of the iceberg of the enabling power of fine grained externalized authorization. It is a critical tool for enhancing customer experience and delivering services and user journeys that are seamless and delightful.
Learn more in the Whitepaper: Improving customer experience with dynamic and fine-grained access control.