Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Stop Treating Your Customers Like
Your Employees
Ian Glazer
Senior Director, Identity
iglazer@salesforce.com
@iglazer
“Please continue to hold.
Your call is very important
to us and it will be
answered in the order it
was received.”
Work?
Home?
“Your usage of this service
constitutes consent to our
Terms of Service.
If you have any questions
please consult our
Acce...
Work?
Home?
Disappointing,
but not surprising
A Little History
Identity for
Employees
Many years of
common practices
and patterns
Right Access
Right Access Right People
Right Access Right People Right Place
Right Access Right People Right Place Right Time
Identity for
Customers
Great Innovation
Lacking Common
Practices & Patterns
Right Experience
XP
Right PeopleRight Experience
XP
Right People Right PlaceRight Experience
XP
Right TimeRight People Right PlaceRight Experience
XP
Deliver the
right experience
New Stakeholders
Sales
Marketing
Alumni Affairs
Community Dev.
But without
common practices
and patterns…
“Please continue to
hold…”
Disappointing,
but not surprising
The Opportunity
Before Us
External Identity
Customer Identity
Consumer Identity
Growth opportunity
for the business
Growth opportunity
for identity
professionals
The opportunity to delight
Complete Picture for a Richer Relationship
Complete Picture for a Richer Relationship
Delighted
Customers
Customer Identity
is
IAM’s “Killer App”
You can’t get to the
boardroom by selling
user provisioning
Customer Identity
is our chance to be
business enablers
We are not here
What is
customer identity
management?
Identity World View
Identity is at the core of every interaction
Connected
Customers
Connected
Employees
Connected
Partner...
Business World View
Customer is at the core of every interaction
Delighted
Customers
Connected
Employees
Connected
Partner...
Customer identity
makes
interactions possible
X-Channel
X-Business Function
X-Organization
Cross-Channel
YOUR CONTENT HERE
Just change the background layer
(right-click > arrange)
Don’t have an
account?
Forgot you...
Cross-Channel
Brick & Mortar
Sales
Social
Listening
Call
Center
Cross Business Function
Delighted
Customers
Sales Service
MarketingProduct
Cross Organization
X-Channel
X-Business Function
X-Organization
How is
customer identity
different from
employee identity?
Different
Ends of the
Spectrum
IAM
Techniques
IAM
Techniques
Employee-
Centric IAM
• Traditional
• Organization is
owner & authority
• Lots of User
Provisioning
• Web A...
IAM
Techniques
Employee-
Centric IAM
• Traditional
• Organization is
owner & authority
• Lots of User
Provisioning
• Web A...
Employee-Centric Technologies Customer-centric
System of Record
Attribute Management and
Propagation
Islands of Identity
S...
Employee-Centric Technologies Customer-centric
HR(s) System of Record
User Provisioning
Directory Synchronization
Pushing ...
Employee-Centric Technologies Customer-centric
HR(s) System of Record
Internal: CRM and LOB databases
External: Social Pro...
Different Lifecycles
Join Move Leave
Traditional IAM Lifecycle
Relationship Value
Progression
Anonymous
Pseudonymous
Known
Higher ValueLower Value
Anonymous
Join
Pseudonymous
Move
Known
Move
Access Path
Progression
Web
Mobile
Thing
Developer
Web
Join
Mobile
Join/Move
Thing
Move
Developer
Move
Join.
Move.
Leave?
Long Relationships
=
Privacy Implications
HR used to provide the privacy coverage Identity need
Internal-facing identity system are rarely subject to Privacy Impact...
Different Techiques
Different Lifecycles
Customer identity
is larger than
employee identity
Customer Identity Components
IAM Components
Customer Identity Components
Federation
User
Profile Mgt
Assurance Proofing
Customer Identity Components
IAM
Components
IAM-like
Components
Non-IAM
Components
Broker social login to content
portals and other 3rd party
properties
Ability add and protect attributes
passed to other p...
• Automated – via a social
provider or directory service
• Manual – Self-service sign-up
• Consistent branding control
thr...
Techniques to raise identity assurance
2nd Factors:
• Can work but user experience suffers
• Adaptive access control must ...
Service providers have to be
better neighbors
Follow Finance model of FS-ISAC
Teams to help people get their
accounts back...
Meaningful integration designed
to create 360° view of the
customer
• Sales
• Service
• Marketing
• eCommerce
• Content Ma...
More than just
IAM components
How is
customer identity
different from
enterprise identity?
Technologies needed
are different
Customer Identity Components
IAM
Components
IAM-like
Components
Non-IAM
Components
Lifecycles
are different
Anonymous
Pseudonymous
Known
Web
Mobile
Thing
Developer
Join
Move /
Change
Leave
Techniques
are different
IAM
Techniques
Employee-
Centric IAM
• Traditional
• Organization is
owner & authority
• Lots of User
Provisioning
• Web A...
Privacy expectations
are different
Goals
are different
Right Access Right People Right Place Right Time
Employee-centric IAM Goals
Right Experience Right People Right Place Right Time
XP
Customer-centric IAM Goals
Stakeholders
are different
We are not here
Sales
Marketing
Alumni Affairs
Community Dev.
The opportunities
are greater
The opportunity to delight
Stop using
Employee-Centric
IAM for your
customers
Stop treating your
customers like
employees
Start delighting them
“Your time is
important to me.
Continue to enjoy the
conference & thanks
for your attention.”
Thank you
Stop treating your customers like your employees
Stop treating your customers like your employees
Stop treating your customers like your employees
Stop treating your customers like your employees
Stop treating your customers like your employees
Stop treating your customers like your employees
Stop treating your customers like your employees
Stop treating your customers like your employees
Stop treating your customers like your employees
Stop treating your customers like your employees
Upcoming SlideShare
Loading in …5
×

Stop treating your customers like your employees

1,832 views

Published on

Lacking common practices and patterns, identity professionals have applied tried-and-true enterprise-centric techniques to their customer-centric use cases. This is a mistake. Customer Identity is significantly different from Employee Identity. This talk walks through some of those difference.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Stop treating your customers like your employees

  1. 1. Stop Treating Your Customers Like Your Employees Ian Glazer Senior Director, Identity iglazer@salesforce.com @iglazer
  2. 2. “Please continue to hold. Your call is very important to us and it will be answered in the order it was received.”
  3. 3. Work?
  4. 4. Home?
  5. 5. “Your usage of this service constitutes consent to our Terms of Service. If you have any questions please consult our Acceptable Use Policy.”
  6. 6. Work?
  7. 7. Home?
  8. 8. Disappointing, but not surprising
  9. 9. A Little History
  10. 10. Identity for Employees
  11. 11. Many years of common practices and patterns
  12. 12. Right Access
  13. 13. Right Access Right People
  14. 14. Right Access Right People Right Place
  15. 15. Right Access Right People Right Place Right Time
  16. 16. Identity for Customers
  17. 17. Great Innovation
  18. 18. Lacking Common Practices & Patterns
  19. 19. Right Experience XP
  20. 20. Right PeopleRight Experience XP
  21. 21. Right People Right PlaceRight Experience XP
  22. 22. Right TimeRight People Right PlaceRight Experience XP
  23. 23. Deliver the right experience
  24. 24. New Stakeholders
  25. 25. Sales Marketing Alumni Affairs Community Dev.
  26. 26. But without common practices and patterns…
  27. 27. “Please continue to hold…”
  28. 28. Disappointing, but not surprising
  29. 29. The Opportunity Before Us
  30. 30. External Identity Customer Identity Consumer Identity
  31. 31. Growth opportunity for the business
  32. 32. Growth opportunity for identity professionals
  33. 33. The opportunity to delight
  34. 34. Complete Picture for a Richer Relationship
  35. 35. Complete Picture for a Richer Relationship Delighted Customers
  36. 36. Customer Identity is IAM’s “Killer App”
  37. 37. You can’t get to the boardroom by selling user provisioning
  38. 38. Customer Identity is our chance to be business enablers
  39. 39. We are not here
  40. 40. What is customer identity management?
  41. 41. Identity World View Identity is at the core of every interaction Connected Customers Connected Employees Connected Partners Connected Products User Name Password Login
  42. 42. Business World View Customer is at the core of every interaction Delighted Customers Connected Employees Connected Partners Connected Products User Name Password Login
  43. 43. Customer identity makes interactions possible
  44. 44. X-Channel X-Business Function X-Organization
  45. 45. Cross-Channel YOUR CONTENT HERE Just change the background layer (right-click > arrange) Don’t have an account? Forgot your password? Mobile Web API
  46. 46. Cross-Channel Brick & Mortar Sales Social Listening Call Center
  47. 47. Cross Business Function Delighted Customers Sales Service MarketingProduct
  48. 48. Cross Organization
  49. 49. X-Channel X-Business Function X-Organization
  50. 50. How is customer identity different from employee identity?
  51. 51. Different Ends of the Spectrum
  52. 52. IAM Techniques
  53. 53. IAM Techniques Employee- Centric IAM • Traditional • Organization is owner & authority • Lots of User Provisioning • Web Access Management plus some federation
  54. 54. IAM Techniques Employee- Centric IAM • Traditional • Organization is owner & authority • Lots of User Provisioning • Web Access Management plus some federation Customer- Centric IAM • Modern • Individual is owner; no single authority • Profile Management • Federation and social sign-on
  55. 55. Employee-Centric Technologies Customer-centric System of Record Attribute Management and Propagation Islands of Identity Single Sign-On Mobile Device Management Consent
  56. 56. Employee-Centric Technologies Customer-centric HR(s) System of Record User Provisioning Directory Synchronization Pushing Attributes Attribute Management and Propagation Most legacy systems Reducing to Active Directory Islands of Identity Proprietary WAM for legacy Federation for newer apps & SaaS Single Sign-On Common Mobile Device Management Implied in employer/employee relationship Consent
  57. 57. Employee-Centric Technologies Customer-centric HR(s) System of Record Internal: CRM and LOB databases External: Social Providers, Banks, Universities, Governments, etc User Provisioning Directory Synchronization Pushing Attributes Attribute Management and propagation Profile Management Lookup at time of use and JIT Pulling attributes Most legacy systems Reducing to Active Directory Islands of Identity Legacy systems but federation- ready apps increasing Proprietary WAM for legacy Federation for newer apps & SaaS Single Sign-On Standards-based federation Some proprietary social providers Common Mobile Device Management Uncommon, if not forbidden Implied in employer/employee relationship Consent Must be gathered and adhered to consistently
  58. 58. Different Lifecycles
  59. 59. Join Move Leave Traditional IAM Lifecycle
  60. 60. Relationship Value Progression
  61. 61. Anonymous Pseudonymous Known Higher ValueLower Value
  62. 62. Anonymous Join Pseudonymous Move Known Move
  63. 63. Access Path Progression
  64. 64. Web Mobile Thing Developer
  65. 65. Web Join Mobile Join/Move Thing Move Developer Move
  66. 66. Join. Move. Leave?
  67. 67. Long Relationships = Privacy Implications
  68. 68. HR used to provide the privacy coverage Identity need Internal-facing identity system are rarely subject to Privacy Impact Assessment Customer identity requires: • Data retention and protection • Persistence and respect of privacy preferences • Attribute release consent management Previously ignored privacy challenges
  69. 69. Different Techiques Different Lifecycles
  70. 70. Customer identity is larger than employee identity
  71. 71. Customer Identity Components IAM Components
  72. 72. Customer Identity Components Federation User Profile Mgt Assurance Proofing
  73. 73. Customer Identity Components IAM Components IAM-like Components Non-IAM Components
  74. 74. Broker social login to content portals and other 3rd party properties Ability add and protect attributes passed to other platforms Ability to pass entitlements OpenID Connect unlocks many doors • But there’s plenty of proprietary too Security Token Services • SAML • OAuth 2.0 • OpenID Connect • Proprietary Federation Social Provider Connectivity Protocol Brokering Federation
  75. 75. • Automated – via a social provider or directory service • Manual – Self-service sign-up • Consistent branding control throughout Self-service control over: • Social providers can be used • Apps can access data • Attributes can be used • Marketing preferences • Manual - Mechanisms to ask the user for a little more data • Automated – data verification and record enhancement Registration Services Profile Management Profile Enhancement User Profile Management
  76. 76. Techniques to raise identity assurance 2nd Factors: • Can work but user experience suffers • Adaptive access control must play a roll here • Ideally this is recognition’s territory Plugins for different proofing providers • Often based on geography Two modes: • Asynchronous for offline proofing • Synchronous for user quizzes • But mind the user experience Integration with internal proofing sources Assurance and Proofing Identity Assurance Identity Proofing
  77. 77. Service providers have to be better neighbors Follow Finance model of FS-ISAC Teams to help people get their accounts back Part of expected customer service Attribute release consent from the social provider isn’t sufficient Service Provider should provide generic consent management layer Shared Signals Account Take-Over Response Consent Management IAM-like components Not core traditional IAM services
  78. 78. Meaningful integration designed to create 360° view of the customer • Sales • Service • Marketing • eCommerce • Content Management Conversion rates Segmentation Usage via Channel Behavior analysis to fuel marketing, service, sales, and recognition Encryption and Tokenization “Who access what data and what were the values at that time?” • Think DAM for customer data Integration Analytics Information Protection Non-IAM Components Peer services
  79. 79. More than just IAM components
  80. 80. How is customer identity different from enterprise identity?
  81. 81. Technologies needed are different
  82. 82. Customer Identity Components IAM Components IAM-like Components Non-IAM Components
  83. 83. Lifecycles are different
  84. 84. Anonymous Pseudonymous Known Web Mobile Thing Developer Join Move / Change Leave
  85. 85. Techniques are different
  86. 86. IAM Techniques Employee- Centric IAM • Traditional • Organization is owner & authority • Lots of User Provisioning • Web Access Management plus some federation Customer- Centric IAM • Modern • Individual is owner; no single authority • Profile Management • Federation and social sign-on
  87. 87. Privacy expectations are different
  88. 88. Goals are different
  89. 89. Right Access Right People Right Place Right Time Employee-centric IAM Goals
  90. 90. Right Experience Right People Right Place Right Time XP Customer-centric IAM Goals
  91. 91. Stakeholders are different
  92. 92. We are not here
  93. 93. Sales Marketing Alumni Affairs Community Dev.
  94. 94. The opportunities are greater
  95. 95. The opportunity to delight
  96. 96. Stop using Employee-Centric IAM for your customers
  97. 97. Stop treating your customers like employees
  98. 98. Start delighting them
  99. 99. “Your time is important to me. Continue to enjoy the conference & thanks for your attention.”
  100. 100. Thank you

×