An Intellyx BrainBlog by Jason English, on the WSO2 Blog
WSO2 recently announced the release of their Private CIAM Cloud service, and it made me think about the changing role of personal identity versus business entity in today’s complex distributed software environments.
The CIAM space has evolved far beyond the traditional end user’s need for identity and access to applications in a B2C (business to customer) scenario.
The ‘C’ in CIAM doesn’t just stand for ‘customer’ anymore, it is now an essential catalyst for businesses to safely work with any constituents: end customers, businesses (B2B), employees (B2E), citizens, and even communications among API-enabled services.
Redefining the customer
Most customers think about identity primarily from an account setup and login perspective. As individual end users, we’ve all spent countless hours trying to recover and reset passwords, entering authentication codes, and solving captchas.
Secure, private and trusted identity management processes are still vitally important to consumers using a retail or e-commerce website, a banking app or an insurance account portal. Identity literally enables the flow of modern commerce. If a business fails to provide a safe process, or throws too many roadblocks into the user experience, customers will eventually take their business elsewhere.
A B2C application such as a healthcare portal has certain minimum requirements for identity – the ability to reliably authenticate the identity of the patient, and the ability to authorize what systems and information that patient would have rights to. PII (personally identifiable information) should be kept secret from anyone other than the patient and healthcare provider.
However, the patient portal or end customer’s account is just one perspective in a continuum of identity management that must support many more complex relationships behind the scenes of every business transaction or request for information.
Mapping the extended org with B2B identity
The days of vertically integrated enterprises are over. In supply chains for physical goods, nearly 100% of leading brands are outsourcing some or all responsibilities for raw materials, manufacturing, logistics and operations to a matrix of specialized groups and other companies.
Similarly, our software supply chains have become very distributed as well. No business is an island anymore, and the agility and cost benefits of sharing information and work among distributed teams and third party suppliers is mirrored in our service based, API-driven business applications.
Different business teams and partner companies will often have their own sets of applications and SaaS services, so B2B scenarios start from a perspective of integration between systems as a core design consideration. Identity also plays an equally important role in ensuring successful B2B application delivery.
Modern companies no longer fit within the monolithic departmental silos of old. People and teams may have different access and authorization needs for different software packages, and they may change roles or come and go from a project at any time.
Admins need to assign policies that govern each entity, each group or user within a multi-level hierarchy so they get the access needed to do their work – but never more than they need. A “least privileged access” approach tightly controls the boundary of authorizations, so hopefully any bad behaviors of hackers trying to span authority domains will be detected.
Delegated administration scenarios allow team leaders to hand off administrative rights to partners and even downstream business customers for very fine-grained levels of access to services and data for a given line of business, project or product.
Delegation allows permissions to be nested across an extended B2B org that can include partners and even customers (let’s not call it B2B2B2C, but you get the point).
— Read the entire blog post on the WSO2 blog here: https://wso2.com/blogs/thesource/ciam-codifying-the-ever-changing-keys-to-b2b-commerce/
© 2022 Intellyx LLC. Intellyx retains editorial control over the content of this document. At the time of writing, WSO2 is an Intellyx subscriber. Image sources: Keys, Rosa Say, flickr CC2.0 license; B2B Access Mgmt diagram, WSO2.
