In a digital age where security and customer experience are often equally paramount, a leading Scandinavian healthcare products manufacturer and distributor faced a critical challenge. The company aimed to bolster security across its suite of services and mobile applications while simultaneously enhancing the user experience and more adeptly addressing the needs of their B2B customers.
Challenges in Fragmented Digital Infrastructure
The company's journey mirrors a common narrative in the tech landscape: the incremental development of digital solutions without a cohesive long-term architectural plan. This approach often leads to a fragmented digital infrastructure where each application operates as an independent silo. These silos each maintain their own user store, permissions management, and business-critical data, making it difficult to harness valuable customer insights. This fragmentation not only hinders operational efficiency but also impedes the business's ability to fully leverage customer data.
Implications for Customers and the Business
For customers:
- The disjointed user experience across applications and services diminishes satisfaction and engagement.
- The increased difficulty in navigating and using applications and services introduces unnecessary friction, detracting from the overall user experience.
For the business:
- Inconsistent enforcement of authentication and authorization policies risks security vulnerabilities and erodes customer trust.
- The need for customers to repeatedly register and authenticate introduces significant friction, potentially resulting in customer attrition and lost business opportunities.
- Inadequate processes for capturing customer consent risk non-compliance with stringent EU privacy and consent regulations, exposing the company to legal and financial repercussions.
Navigating EU Regulations
Operating within the European Union adds another layer of complexity, necessitating compliance with EU regulations, such as the General Data Protection Regulation (GDPR) and the Schrems II decision. These regulations mandate that customer data must be stored within the EU and managed by an EU-based entity, significantly narrowing the field of suitable solutions.
Implementing a Comprehensive CIAM Solution
After a thorough evaluation process, the company chose OpenIAM's Customer Identity and Access Management (CIAM) platform, delivered as a Software as a Service (SaaS) solution within the European Union. OpenIAM’s CIAM solution was selected for its ability to address the multifaceted challenges the company faced, offering a robust framework for enhancing security and user experience across all digital services.
Key Solution Components
Modernization through Integration
The company modernized its application infrastructure by first integrating with OpenIAM’s OAuth-secured REST API and later transitioning to the SDKs as they became available. This integration facilitated the establishment of common authentication and authorization policies, centralizing policy administration and ensuring consistent policy enforcement across applications. The result was a notable enhancement in security across the company’s digital ecosystem.
Streamlined Authentication with National IDs
To simplify user adoption, the company leveraged OpenIAM’s integration with Criipto to enable authentication via national eIDs such as MitID (Denmark) and BankID (Norway and Sweden). This allowed B2B customers to seamlessly access applications using their national ID. New users were created in OpenIAM through just-in-time user provisioning. The integration with Criipto also enabled the extraction of basic, shareable identity attributes in accordance with each country's eID scheme, significantly shortening the registration process while ensuring a secure authentication mechanism.
Multilingual Consent Management
Consent management was enhanced to support multiple languages, with consent policies and agreements configured within OpenIAM and rendered by individual mobile applications. OpenIAM’s capability to synchronize consent decisions with marketing automation platforms like Pardot and Marketo allowed the company to manage customer preferences consistently, mitigating the risk of regulatory penalties.
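The consent model described above, shown as an added example that is not OpenIAM's code or data model: policies are configured centrally with a version number and per-language agreement text, each application renders the text in the user's language (falling back to a default), every decision is appended to an audit log together with the policy version and the language actually shown, and a small payload is derived for a marketing-automation sync. The policy names, language codes and the payload field names are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class ConsentPolicy:
    """A centrally managed consent policy with one agreement text per language."""
    policy_id: str
    version: int
    texts: dict            # language code -> agreement text shown to the user
    default_language: str = "en"

    def render(self, language: str):
        """Return (text, language_shown); unknown languages fall back to the default."""
        shown = language if language in self.texts else self.default_language
        return self.texts[shown], shown


@dataclass(frozen=True)
class ConsentRecord:
    """Evidence of one decision: who, which policy version, which text, and when."""
    user_id: str
    policy_id: str
    version: int
    language_shown: str
    granted: bool
    recorded_at: datetime


class ConsentStore:
    """Append-only log of decisions plus an index of the latest decision per user/policy."""

    def __init__(self):
        self.log = []        # every decision ever recorded, never overwritten
        self._latest = {}    # (user_id, policy_id) -> most recent ConsentRecord

    def record(self, user_id, policy, language, granted, now=None):
        _text, shown = policy.render(language)
        rec = ConsentRecord(user_id, policy.policy_id, policy.version, shown,
                            granted, now or datetime.now(timezone.utc))
        self.log.append(rec)
        self._latest[(user_id, policy.policy_id)] = rec
        return rec

    def has_current_consent(self, user_id, policy):
        """True only if the latest decision is a grant for the *current* policy version.
        A policy revision invalidates earlier grants, so the user must be asked again."""
        rec = self._latest.get((user_id, policy.policy_id))
        return bool(rec and rec.granted and rec.version == policy.version)

    def marketing_sync_payload(self, user_id, policy):
        """Constructed shape of what a marketing platform sync might receive (assumed, not
        the Pardot or Marketo API): the opt-in flag plus the evidence behind it."""
        rec = self._latest.get((user_id, policy.policy_id))
        return {
            "user_id": user_id,
            "policy_id": policy.policy_id,
            "opted_in": self.has_current_consent(user_id, policy),
            "policy_version": rec.version if rec else None,
            "language_shown": rec.language_shown if rec else None,
            "recorded_at": rec.recorded_at.isoformat() if rec else None,
        }


# Constructed sample policy for the example.
MARKETING_V1 = ConsentPolicy("marketing-email", 1, {
    "en": "I agree to receive product news by e-mail.",
    "da": "Jeg accepterer at modtage produktnyheder pr. e-mail.",
    "sv": "Jag godkänner att ta emot produktnyheter via e-post.",
})
MARKETING_V2 = ConsentPolicy("marketing-email", 2, {
    "en": "I agree to receive product news and partner offers by e-mail.",
    "da": "Jeg accepterer at modtage produktnyheder og partnertilbud pr. e-mail.",
})


def demo():
    store = ConsentStore()
    store.record("user-42", MARKETING_V1, "da", granted=True)
    before = store.has_current_consent("user-42", MARKETING_V1)
    # The policy is revised: the old grant no longer covers the new wording.
    after = store.has_current_consent("user-42", MARKETING_V2)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Two points the example makes explicit: the record stores the language and version that were actually shown (not merely "consented"), and a version bump silently turns an existing grant into "ask again", which is the behaviour a compliance reviewer will look for.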
Employee Access Integration
Recognizing the need for employees to access the system, the company integrated its Azure Identity Provider (IdP) with OpenIAM. This integration facilitated just-in-time provisioning and the application of birthright access rules, automatically granting employees the appropriate level of access without manual onboarding processes.
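Both the Criipto eID login for B2B customers and the Azure IdP integration for employees rely on the same mechanism: a verified set of claims from a trusted issuer creates or updates a user on first login (just-in-time provisioning), and birthright rules translate claims such as group membership or eID scheme into an initial set of roles. The following is an added illustration of that mechanism, not OpenIAM's code or API; the issuer URLs, claim names (including `identityscheme`), group names and roles are constructed assumptions for the example.

```python
from dataclasses import dataclass, field

# Only assertions from explicitly configured identity providers are accepted.
# Constructed placeholder issuers; a real deployment uses the IdP's actual issuer URL.
TRUSTED_ISSUERS = {
    "https://idp.example-corp.test",      # corporate IdP (employees)
    "https://eid-broker.example.test",    # eID broker (B2B customers)
}

# Birthright rules: if a claim from a given issuer carries a value, grant these roles.
# Assumed rule format; OpenIAM keeps its own policy representation.
BIRTHRIGHT_RULES = [
    {"issuer": "https://idp.example-corp.test", "claim": "groups",
     "value": "Sales", "roles": {"b2b-portal-user", "order-entry"}},
    {"issuer": "https://idp.example-corp.test", "claim": "groups",
     "value": "Support", "roles": {"b2b-portal-user", "case-view"}},
    {"issuer": "https://eid-broker.example.test", "claim": "identityscheme",
     "value": "dkmitid", "roles": {"b2b-customer"}},
    {"issuer": "https://eid-broker.example.test", "claim": "identityscheme",
     "value": "sebankid", "roles": {"b2b-customer"}},
]


@dataclass
class User:
    issuer: str                         # which IdP asserted this identity
    subject: str                        # stable 'sub' claim from that IdP
    display_name: str = ""
    email: str = None
    birthright_roles: set = field(default_factory=set)  # recomputed on every login
    assigned_roles: set = field(default_factory=set)    # granted by an administrator

    def effective_roles(self):
        return self.birthright_roles | self.assigned_roles


def birthright_roles(claims):
    """Evaluate every rule against the verified claims; multi-valued claims are handled."""
    roles = set()
    for rule in BIRTHRIGHT_RULES:
        if claims.get("iss") != rule["issuer"]:
            continue
        value = claims.get(rule["claim"])
        values = value if isinstance(value, (list, tuple, set)) else [value]
        if rule["value"] in values:
            roles |= rule["roles"]
    return roles


def jit_provision(user_store, claims):
    """Create or update a user from claims that have already been signature-checked.

    The user is keyed on (issuer, subject), never on e-mail or display name, because
    those are mutable and not unique across providers. Returns (user, created).
    """
    issuer, subject = claims.get("iss"), claims.get("sub")
    if not issuer or not subject:
        raise ValueError("claims must carry non-empty 'iss' and 'sub'")
    if issuer not in TRUSTED_ISSUERS:
        raise PermissionError(f"untrusted issuer {issuer!r}")

    key = (issuer, subject)
    earned = birthright_roles(claims)
    user = user_store.get(key)
    if user is None:
        user = User(issuer, subject, claims.get("name", ""), claims.get("email"), earned)
        user_store[key] = user
        return user, True

    # Existing user: refresh profile attributes and re-derive birthright roles so that a
    # role tied to a group the user has left is revoked, while admin-assigned roles persist.
    user.display_name = claims.get("name", user.display_name)
    user.email = claims.get("email", user.email)
    user.birthright_roles = earned
    return user, False


if __name__ == "__main__":
    store = {}
    # Constructed sample claims, standing in for a verified ID token from each provider.
    employee = {"iss": "https://idp.example-corp.test", "sub": "emp-1001",
                "name": "Kari Nordmann", "groups": ["Sales"]}
    customer = {"iss": "https://eid-broker.example.test", "sub": "mitid-9f3a",
                "name": "Anders Jensen", "identityscheme": "dkmitid"}
    for claims in (employee, customer):
        user, created = jit_provision(store, claims)
        print(user.subject, "created" if created else "updated", sorted(user.effective_roles()))
```

The separation of `birthright_roles` from `assigned_roles` is the important design choice: recomputing the former on each login keeps access in step with the source of truth (the IdP's groups, the eID scheme), while manually granted roles are not silently discarded.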
These initiatives represented the first phase of the company’s rollout, setting the stage for enhanced security and a superior user experience for an initial set of users. Through strategic integration and innovative use of technology, the company has laid a solid foundation for a secure, user-friendly digital environment.