Event Recording
Yvo van Doorn: Attract and Retain More Customers with CIAM Technology
Consumers are now accessing gated content, customer portals or smart devices in ways and at a scale never seen before. The most successful companies aren’t just focused on providing secure, seamless and painless access for the end-user. They’re also passionate about delivering a customer experience that will help them drive growth. And it starts at the login box.
Hi, my name is I Eva Vandorn. And today I'll be talking about how to attract and retain more customers with C technology. As mentioned before, my name is Evo Vandorn. I am a senior solution to engineer with op zero at op zero. I empower new customers to understand what op zero can do for them and how it can do it technically before I introduce what skilled access in op zero can do for you. Let's talk about the customer journey of implementing cm. Cm. Doesn't stop after registration. And so we assist users and organizations throughout the whole customer journey. First registration, you don't wanna burden your users with long signup processes, providing a login screen that can be easily extended to add social login and progressive profile. In addition to something that can be completely branded and is consistent among the major browsers. This is the entry point to your brand consent people who registers need to give consent to two things. They have to agree with the political terms and conditions before using the service to registering for, and they have to give consent to how their personal data is stored and accessed and used by the platform.
Check, being able to tie into identity verification APIs in order to ascertain who the user is, might be a requirement in certain verticals like banking and healthcare or government fine grained access. Not everybody who's checked needs to have the same type of access. Fine grained access means that every request is verified. According to the context of that individual user. At that point in time, it's a concept of zero trust and no, this does not apply to only employees that also applies for consumers, convenient access establishing long sessions, and being able to set that per application allows a user to already be logged in when they visit your site. After a few times, however, at the same time challenging the user in the form of having them reenter their password or utilizing multifactor authentication. Whenever the user performs a sensitive operation, such as checking out an order or viewing personal identifiable information in their profile, omnichannel, this is especially relevant in verticals that both a brick and mortar experience and an online experience, these two experiences should be seamless to the user. Multi-brand single sign-on provides your user a way to reuse their account across your multiple brands.
Sharing access, sharing access is what people do, but we've provided them with a way that they can do securely on your terms and without sharing passwords to their accounts, data-driven insights, data-driven insights really means providing you with data on your users' activity and relationships, and to be able to become more customer centric. Finally, when back users preference on what they use to log in changes over time, think about apple, introducing, signing with apple last year, being able to recognize returning users, but more importantly, allowing them to link their old, their new account to their old profile allows a user to easily return back to your brand. So how does a zero and skilled access fit into this of zero and scale access is one common platform that combines the authentication and authorization pipeline as shown here. It is simple to integrate with your application and highly customizable for your needs. Scaled access seamlessly connects with both off zero for authentication and with the resource for authorization, the zero authenticates that user who they claim or she claims to be, whereas scaled access checks that the attributes are in place that the access policy requires to permit granular access to your resource, or to put it very differently. Your resource can rely on realtime authorization decisions from our distributed authorization and authentication service.
And so let's dive a little deeper into some of the concept I briefly introduced, and we'll start with registration. The login and registration screens are the entry points for your brand login screens should allow for complete and easy customization of the login screen. And it is a demand of any marketing team out of the box. Low code implementation should render the same in all major browsers, such as Chrome or edge Firefox and safari. And for those that serve other businesses, think about your partners. Utilizing features like homeroom discovery allows your partners to be redirected to their identity provider.
Another thing I'd like to cover is contextual consent consent is an explicit decision of a user who wants to use your service for a particular purpose. In a particular context, you cannot capture this type of consent in ion, such as a yes or no or true or false consent is contextual depending on country language, service role, and other dimensions that implies that we can ask for consent multiple times if the con context, role or purpose changes. And we also foresee that the consent is not only given to those organizations, but we can also be given to the user within the new sharing economy.
Consent is also a prerequisite for any access is granted not only to match compliance, but also to create user trust, a user consents to their information being used without consent. There should be no access. However, building an acceptable user journey when new consent needs to be given is a challenge you might want to offer the user grace period and a grace period here means a time slot. You offer the user to grasp the additional terms and conditions you're asking her to consent to, but without denying them access now not everybody needs the same access to your service. And this is where fine grain access comes into play. Not only from security point of view, but also from a user experience, point of view, you do not want to give access to relevant information or functionalities off zero and skill access will let you build rules on who gets to do what rules that fit your business strategy.
Who do you want to attract in the first place? Who do you want in that ecosystem? Who are the different stakeholders outside of organization who should get access to the same service? These rules can include attributes such as the subject, who is the person we're not only talking about this role, but also attributes such as age expertise, country residents. Action. What is the user trying to do? Are they trying to edit something? Are they trying to manage something or trying to share an article context? Now, Al zero can let you know where he or she's logging in from what device, what location at what time, which really then these things can be all taken into consideration on the resource, depending on the subject and action and context. You do not have to give access to everything. If users suddenly logging in from a location they've never logged in before they don't get access. However, if they're logging in from within your corporate internet, perhaps they get more access. Maybe you don't trigger MFA. These are all decisions that can be done real time.
Finally, access is not only dependent on what person is requesting access, but also where he or she is in the customer journey. Let's take for example, of a user who wants to have access to an online newspaper, an online newspaper could offer multiple tiers to their subscription. A viewer only gets trial or metered access, maybe just a few articles, whereas a subscriber it's full access and they can view everything. Whereas a premium subscriber can engage with journalist who wrote the piece or get access to other titles in your library with off zero, there is no differation made between these tier, the user, all three users get the same exact login screen and the same exact registration screens. However, as the user moves up or down, the tiers scaled access will ensure the user has the right entitlement. That is part of their subscription.
Now there is an evolution on authorization. Skill access is at the top of the evolutionary ladder of authorization. They support a concept called relationship based access control. Let's take a back let's step back. We remember the days that the system administrator had to give each individual person access, we got smarter and we decided to have roles, but roles are too limited. For example, you have three people in the same role, but really somewhere more equal than others after roles, we now have attribute based access control or aback, which makes a lot of sense for users to the same organization. But how do you handle giving people outside the organization that need access to something that someone already has access to in the organization, but in this case, they need access to it. And this is where relationship-based access control comes in. Let's take a little, let's go a little deeper on that concept. Say, you're a patient and you have access to your medical record. You are the owner of your own medical record makes complete sense. You should be able to share that medical record with your healthcare professional, that healthcare professional should be able to then determine how to take care of your medical needs. However, relationship is not Def a definition of a single relationship. It can be multi hop as well.
Think for example, about a care provider, you have multiple professionals and care provider who be hospital. You have multiple healthcare professionals. Part of that, that hospital. You're sharing your record with the care provider, which then can be viewed by individual healthcare professionals. But it doesn't just stop at the people that take care of you, but it also can be something that you want to give someone else access to say your partner or your daughter or son in case you're you're elderly. And you wanna make someone have someone else have access to that critical information. These are all things that come up when it comes to relationship based access control, then they don't just end there. This is just one example.
So today I highlighted registration consent, fine grained access and sharing as items along with customer journey on implementing customer cm, all zero and skill access understands and can support all of these different things inside the journey. By using the combination of off zero in authentication and skilled access for authorization, we give you best of world's offering ultimately leading you to track and retain more customers with CIM technology. And last but not least, this integration is available today. In all zero's marketplace, you can go to marketplace dot all zero.com and you can view the integration that we talked about today. There any questions.
Check, being able to tie into identity verification APIs in order to ascertain who the user is, might be a requirement in certain verticals like banking and healthcare or government fine grained access. Not everybody who's checked needs to have the same type of access. Fine grained access means that every request is verified. According to the context of that individual user. At that point in time, it's a concept of zero trust and no, this does not apply to only employees that also applies for consumers, convenient access establishing long sessions, and being able to set that per application allows a user to already be logged in when they visit your site. After a few times, however, at the same time challenging the user in the form of having them reenter their password or utilizing multifactor authentication. Whenever the user performs a sensitive operation, such as checking out an order or viewing personal identifiable information in their profile, omnichannel, this is especially relevant in verticals that both a brick and mortar experience and an online experience, these two experiences should be seamless to the user. Multi-brand single sign-on provides your user a way to reuse their account across your multiple brands.
Sharing access, sharing access is what people do, but we've provided them with a way that they can do securely on your terms and without sharing passwords to their accounts, data-driven insights, data-driven insights really means providing you with data on your users' activity and relationships, and to be able to become more customer centric. Finally, when back users preference on what they use to log in changes over time, think about apple, introducing, signing with apple last year, being able to recognize returning users, but more importantly, allowing them to link their old, their new account to their old profile allows a user to easily return back to your brand. So how does a zero and skilled access fit into this of zero and scale access is one common platform that combines the authentication and authorization pipeline as shown here. It is simple to integrate with your application and highly customizable for your needs. Scaled access seamlessly connects with both off zero for authentication and with the resource for authorization, the zero authenticates that user who they claim or she claims to be, whereas scaled access checks that the attributes are in place that the access policy requires to permit granular access to your resource, or to put it very differently. Your resource can rely on realtime authorization decisions from our distributed authorization and authentication service.
And so let's dive a little deeper into some of the concept I briefly introduced, and we'll start with registration. The login and registration screens are the entry points for your brand login screens should allow for complete and easy customization of the login screen. And it is a demand of any marketing team out of the box. Low code implementation should render the same in all major browsers, such as Chrome or edge Firefox and safari. And for those that serve other businesses, think about your partners. Utilizing features like homeroom discovery allows your partners to be redirected to their identity provider.
Another thing I'd like to cover is contextual consent consent is an explicit decision of a user who wants to use your service for a particular purpose. In a particular context, you cannot capture this type of consent in ion, such as a yes or no or true or false consent is contextual depending on country language, service role, and other dimensions that implies that we can ask for consent multiple times if the con context, role or purpose changes. And we also foresee that the consent is not only given to those organizations, but we can also be given to the user within the new sharing economy.
Consent is also a prerequisite for any access is granted not only to match compliance, but also to create user trust, a user consents to their information being used without consent. There should be no access. However, building an acceptable user journey when new consent needs to be given is a challenge you might want to offer the user grace period and a grace period here means a time slot. You offer the user to grasp the additional terms and conditions you're asking her to consent to, but without denying them access now not everybody needs the same access to your service. And this is where fine grain access comes into play. Not only from security point of view, but also from a user experience, point of view, you do not want to give access to relevant information or functionalities off zero and skill access will let you build rules on who gets to do what rules that fit your business strategy.
Who do you want to attract in the first place? Who do you want in that ecosystem? Who are the different stakeholders outside of organization who should get access to the same service? These rules can include attributes such as the subject, who is the person we're not only talking about this role, but also attributes such as age expertise, country residents. Action. What is the user trying to do? Are they trying to edit something? Are they trying to manage something or trying to share an article context? Now, Al zero can let you know where he or she's logging in from what device, what location at what time, which really then these things can be all taken into consideration on the resource, depending on the subject and action and context. You do not have to give access to everything. If users suddenly logging in from a location they've never logged in before they don't get access. However, if they're logging in from within your corporate internet, perhaps they get more access. Maybe you don't trigger MFA. These are all decisions that can be done real time.
Finally, access is not only dependent on what person is requesting access, but also where he or she is in the customer journey. Let's take for example, of a user who wants to have access to an online newspaper, an online newspaper could offer multiple tiers to their subscription. A viewer only gets trial or metered access, maybe just a few articles, whereas a subscriber it's full access and they can view everything. Whereas a premium subscriber can engage with journalist who wrote the piece or get access to other titles in your library with off zero, there is no differation made between these tier, the user, all three users get the same exact login screen and the same exact registration screens. However, as the user moves up or down, the tiers scaled access will ensure the user has the right entitlement. That is part of their subscription.
Now there is an evolution on authorization. Skill access is at the top of the evolutionary ladder of authorization. They support a concept called relationship based access control. Let's take a back let's step back. We remember the days that the system administrator had to give each individual person access, we got smarter and we decided to have roles, but roles are too limited. For example, you have three people in the same role, but really somewhere more equal than others after roles, we now have attribute based access control or aback, which makes a lot of sense for users to the same organization. But how do you handle giving people outside the organization that need access to something that someone already has access to in the organization, but in this case, they need access to it. And this is where relationship-based access control comes in. Let's take a little, let's go a little deeper on that concept. Say, you're a patient and you have access to your medical record. You are the owner of your own medical record makes complete sense. You should be able to share that medical record with your healthcare professional, that healthcare professional should be able to then determine how to take care of your medical needs. However, relationship is not Def a definition of a single relationship. It can be multi hop as well.
Think for example, about a care provider, you have multiple professionals and care provider who be hospital. You have multiple healthcare professionals. Part of that, that hospital. You're sharing your record with the care provider, which then can be viewed by individual healthcare professionals. But it doesn't just stop at the people that take care of you, but it also can be something that you want to give someone else access to say your partner or your daughter or son in case you're you're elderly. And you wanna make someone have someone else have access to that critical information. These are all things that come up when it comes to relationship based access control, then they don't just end there. This is just one example.
So today I highlighted registration consent, fine grained access and sharing as items along with customer journey on implementing customer cm, all zero and skill access understands and can support all of these different things inside the journey. By using the combination of off zero in authentication and skilled access for authorization, we give you best of world's offering ultimately leading you to track and retain more customers with CIM technology. And last but not least, this integration is available today. In all zero's marketplace, you can go to marketplace dot all zero.com and you can view the integration that we talked about today. There any questions.
Video Links
Stay Connected
How can we help you