Delivering True B2B Identity Management in the Modern Era

Welcome to our cooking call webinar, delivering True B2B Identity Management in the modern area. This webinar is supported by Tallis and speakers today, our Marco Annuity, his I am enablement and acceleration director at Tais Group and me Martin Kuppinger and Principle Analyst at Kuppinger Coal Analyst. So before we dive into the subject of today's talk, I quickly want to give a bit of a housekeeping information. I have, we are controlling audios. You don't need to do anything here. We are controlling these features. We will run two polls during, during the webinar and if time allows, we will discuss the results during q and a. And that also leads us to the next point, which is we will have a q and a session at the end of the webinar, but you can end the questions at any time using the q a section. In effect, you can use the, the, the, the q and a tool in the, in the, in the app you have on the right hand side.
And then we have recording and slides. So we are recording the webinar and we'll make the recording and the presentation texts available soon after the webinar. This is from a housekeeping perspective and before we, before I start my part of the presentation, I'd like to run my first poll. You will find the right hand side in this web application use or in the app you'll find the, the poll options. So you, you will see the polls and you'll be able to participate. The first question I have is, have you implemented a specialized solution for managing B2B identities in your organization? So one as aside of consumers and employees, and two simple options, yes or no.
So the more people participate on this poll, the better it is. So please enter your option and, and your perspective here so that we get to get some good number of results here. Okay. Leave it open for another 15 seconds before we then look at the agenda. Okay, so let's move forward the agenda of today as many of our webinar agenda as a split to three parts. The first part I'll talk about what makes B2B identity management so challenging. In the second part, then Marco Nui will talk about effectively and efficiently dealing with B2B identities. The third part then is our q and a session, as I've already mentioned. And as I've said, the more questions we get the more interesting it is. So don't hesitate asking questions at any time. So where I wanna start is with two poll results, which are related to this bigger subject of B2B identity management. They are a bit closer to supplying change security risks, but I think this also goes into B2B identity management. So B2B identities, when we look at this, it means these are identities of partners of contractors and many other externals that have some sort of a business relationship with our organization. They're not customers in that sense. They are frequently from suppliers and and other partners.
So it's different from the consumer-centric use cases. And this goes also into the entire subject of supply chain security risks and power of the supply chain. Security risks are risk cost by external identities. It's only one. But just to, to sort of draw the bigger picture here, and this is data from from our survey we released in May this year. We, we see that supply chain security risks in, in different forms became more and more relevant. So part of software supply chain risks, but also others types of supply chain challenges. So do you understand which people are working with your suppliers, which other suppliers they're using? So which people at the end could have access to your IT entire environment? The interesting point here, and I, I'd like to focus in on this most or let's look at that differently. Only 16%, one out of six companies, one out of six companies says we have a centralized approach across the organization.
Some have a couple of point solutions, some know that they have gaps more than way more than half. And another 12% say we just don't know about it. So we have very significant gaps in managing supply chain security risks. And part of that is access external identities. We will see, I'm absolutely convinced we, and this is already happening, we will see some, some strong push by by regulations. So and by probably also unfortunately incidents. But I also see that we have a long way to go to, to get better on this. And part of the solution is having a strong B2B identity management. The second element I, or the second part of the survey I'd like to like to look at is around work from anywhere driving better authentication. And that has, even while that question was really more on the workforce side, it also has an association to the B2B identity measurement side.
Cause at the end, the point is when we look at B2B identity measurement, yes we may have contractors that are in the organization for a very long time that even have corporate IT equipment, but most of them come in with unmanaged devices and bring your own device. It's 24% is also a subject, an important subject for organizations when it comes to their workforce. And the other part is when they say, okay, how do we deal with this different work attitudes, people coming in, different types of work eng so different engagement types at the end, how do we deal with this? And the most important thing is multifactor authentication, but also supporting bring your own device is very important. Endpoint management in the sense of modernizing endpoint management had a little lower perspective here. It it's not a multiple choice in this case. So it was a single choice question which explains that most opted probably for, for multifactor syndication.
But also we need to better get better solutions on how we understand what is the risk of the endpoint, what is the risk of the external user? Did you, are we able to authenticate that person in a strong manner, et cetera. And unfortunately, and this is where where I'd like to look at, unfortunately, B2B identities are the most complex case in identity management. So we have a, I would say a relatively good group on employees. Employees. They, yes, we may need to differentiate between first line workers in manufacturing, for instance, under than the multi office workers with a bit of different complexity. But at the end we, we, we know how to deal with it. We also know how to deal with customers and consumers and customer consumer use cases are us similar. There is about efficient onboarding, simple authentication, relatively little differentiation between the entitlements.
Just that we need to assure that people only see their own data for workforce. We have the complex entitlements, but we know a bit of how to deal with it. But when we look at B2B identities, then we have users, we have federating, and from our business partners, we have people that, that are, that are responsible for the security of our factories or office buildings or others. We have consultants that are coming in. We have system integrators working part-time in the organization. We have contractors that are in for a long time. And, and when we look at how, how frequently these people change on one side. And so the, the turnover amongst these people are always the same or always different people and the complexity of their access, then it is that contractors have a relatively complex access system. Integrators working with systems, having access to test data, sometimes even to to production data, et cetera.
Really challenging consultants frequently with more limited access to certain data for their projects. Federated users maps to define accounts, but for instance, the people that are responsible for sitting at the front door and saying, okay, you are allowed to come in or not that are protecting it, that they're walking around during the night around factories. They sometimes need access to a lot of systems to, or more critical systems. So we have complex use cases and the risk sometimes is really big and most organizations I think don't have a really good crib on that. And what I want to do in the the, the next couple of minutes is looking a bit, taking a bit more detailed perspective on complexity where I compare B2B identities with B2 e, so the employee and b2c, the customer consumer identities. And I think this is an interesting challenge because it makes clear what it means.
So when we look at registration, registration spams the line from self-managed to managed to automated and we have a B2 e spectrum, a B2B spectrum, and a B2C spectrum. The B2 e spectrum is for registration, mainly automated. The B2C spectrum is mainly self-managed, but for B2B it can be almost everything self registered to highly automated when look at contractors. So it's, there's more in, there are different types of managed use cases, et cetera. It makes things more complex. The the next one is roles and entitlements. So how complex are roles or how simple are the entitlements for B2 e again, we are in a, on the complex side. So we have complex entitlement structures for people that are spending a lot of time in the organization while customers and consumers usually have a rather simple model of entitlements. Again, spectrum and B2B can be virtually everything. When we look at people that are, are running critical applications as a managed service provider, then they are definitely very much on the complex side and ours just have very limited access to certain project data. But it's a wide range and it's not one. But there are very different types of identities.
How good are we in deprovisioning automated versus lacking or just by inactivity? Again, we, B2 e is on the right hand side. B2c, sometimes we would by just after some sort of inactivity or we ignore it, we just don't do it again. For b2b it can be more or less everything. And it's important because we need to understand is this person still at that supplier for instance goes back to supply chain risk management. So we need solutions that help us dealing with this level of complexity, which also indicators can be used. That's a bit of different picture because unfortunately still even in B2 E we still have a lot of username, password authentication. We must get better here no doubt. But it's, yes, we have this while B2C also goes more nowadays into multifactor authentication, sometimes linked to biometric authentications, et cetera. So we see definitely an, an strong improvement in this area.
B2b again could be everything. So when I look at my, my engagements when I was a, so to speak, a B2B identity somewhere else, that was sometimes really very low protected access to few resources. Sometimes I even received re received an O T P piece of hardware, one time password generator and stuff like that. So it varies. Which devices do we have between bring your own device and manage device? Yes, there's a bigger spec spectrum also for, for employees nowadays. So it's getting better, broader, we have more on that. But clearly the consumer is very clearly on the bring your own device side. And again and B2B identity can be everything. What does it mean? It means that we have really, really a wide range of different types of identities we need to deal with. So there's not the one type of B2B identity. It is, we have some that are already a bit more like a consumer, others that are already closer to an employee and a lot of in between.
When you look at the upper three areas that there's a a huge space which is only B2B spectrum, which are specific things for b2b. There are so many facets of B2B identities that we need strong solutions to deal with that because going back to what I said earlier, this is part of what we are doing of what we need to do to secure our supply chains. This is part of what we need to secure our entire it there's a risk by B2B identities and we need good solutions to deal with these types of identities. So with that, I'm back at the agenda. I would've expected the poll to appear show up here rather then we do the poll later on. No worries. And with that I already hand over to Marco. Marco, it's your
Turn. Well thank you all for joining us today. Again, I'm Marco uti. I had the pleasure to be in the identity space since literally the beginning of the century, assisting to a number of changes and evolution of our, the answer from us as meaning solution providers, solution vendors changed over time and now reached as Martin clearly expressed probably the highest peak of breadth and complexity with the B2B B2B use cases. So in the course of the next 20 minutes, I would like to answer to three key questions. There are defining, in my opinion, a good usage of your time, hopefully, which is question number one. Why is B2B different in the first place? Question number two, if I'm already featuring or leveraging some identity solution, do I need another one if I now need to deal with b2b, yes or no or to put it differently.
Question number three, are there solutions that does it all already if I don't happen to have anything in place? So to answer those question, I start from the beginning. The reason why we're having this entire conversation and the re real core reasons behind is the digital transformation. I will keep it short. I believe we all know what digital transformation is and what it dictates and what it entails. When it comes to the identity side, the, the, the side effects on, on the digital transformation, on the identity spectrum, there are three thi key things that are guiding this conversation. First is that what before was a focus on the B2 E side for the identity controls and optimization and cost and compliance is now no longer the case, a focus there only, but rather spans different identity types including contractor, including B two E, including others.
We will see them in a minute, but each of them demanding specific life cycle and interaction. And there is no longer such a thing as a single customer scenario that we have the pleasure to deal with where it's just about one identity type. The new normal is to deal with the rainbow of identity with different types of identity within the same business context, the same business scenario. So what are these types of identity? Well of course there are two main ones which are all familiar with, which are the employees meaning employees. Employees or remote worker frontliner, but even long-term contractor as a, the definition of Martin gave before of employee type B2B users of course, right at the opposite side of the spectrum we have the customers, the consumer, the citizen, which have totally different set of use cases of course as a very nicely represented in the detailed perspectives slide that Martin just delivering his in his introduction.
There are of course some in betweens. And for the purpose of this conversation, the in betweens are at least of two types. They are the temporary workers, the contractors, the the, the gig workers, which very often hardly ever or at all, they come to the office, they, for the entire contractual relationships they have with their organization, they, they are remote, they sign up remotely, they start working remotely and they go without again going at the office a single day. So that entails of course from the identity side, the entire spectrum of capability including the full onboarding with validation. And there are one final type which are corporate customers or corporate entity more in a broader spectrum such as suppliers, partner agents or brokers, insurance for instance. Those are not individual, those are organization of individual. So there's a nested testing of entity that pose different challenges in terms of what is the way to onboard, to manage, to delegate who can do what.
So this is of course probably something you already are familiar with, but again worth mentioning because indeed this is the new normal. Most often than not we deal with at least the two of three types of users in each and every use case for your organization. We have the pleasure to serve and of course coming from the employees, this is very often part of the go-to market that the service and product that our customers, our organizations that we serve are, are dealing with. So they might be reaching the customers directly or maybe with some business intermediaries, maybe not just one, maybe a chaining of them. Okay. And because of my personal customer internet access management heritage, I tend to look primarily at the go-to market side of the equation. But of course there is also the supply chain part, right? There is also other companies, business constituents, business organizations which are on the, on the li left hand side of this, of this representation. Again, this to say there are different types of bees, okay? So it's not just about to say that we need to deal with business organizations. There are different flavors even within the B box so to speak. That being said, let's pick one single example. Only one of a case that we addressed a couple of years ago in this case, which was a bank, a mid-sized bank that was now starting a new initiative in the real estate market through an indirect go-to-market model.
So stock real estate. So those dealers were the one really talking to customers. And there were different types of dealers. Some of them were in the, so sorry, dealers here means business organization with multiple people belonging to them. So again, not individual, each of them could have been in the direct relationship with the mother bank, another company or rather to with some of the subsidiaries. So it's already different bees, back to my analogy one slide ago, are represented in these slides. So of course those dealers were meant to be given access to selected business application for delivering the services to the customer base. And they were to be managed autonomously by themselves in a sort of delegation. So it's about enrolling them, it's around delegating them is around delivering access to applications. This where the key needs in this case study, again, in this case specifically on a, on a banking group, should have been other industry maybe rather than dealers.
If it was an insurance company, could have been for instance brokers. Very similar use case as the one just described. So when it comes to what the customer ask, I thought it would've been no more, doesn't get any more clear than bringing up what the customers are asking for. So this is a list and you don't need to read it of what real life is like for us as a vendor now listening to what our customers are asking us to provide them with. And some of those requirements are more and more frequent here. I I liked them just to comment a bit on the flavor they, they come in with. So for instance, is your solution managing hierarchies of SalePoint or layered user management is supported. So those are all reflection of something which is no longer me dealing with my employee but rather something closer to what I represented in the previous use case.
And of course it's about external users. Why that? Because questions such as can you create your own registration process? Is there a validation included? That of course applies only to external people, people not coming from the HR system. Of course you also have another bunch of requirements around provisioning, the provisioning federation and so forth. So in a, in a solution provider jargon, this is a composition of workforce plus consumer use cases. This has been dominating our life for the last few years, okay? This is always the case. You have more and more blend of the two things. And also at the same time a blending of identity provisioning and access management. So there are at least two access of hybrid, so to speak, capabilities depending on the way you look at the identity solution market. So dealing with this sort of thing we the define the new B2B SIAM conversation.
Basically belonging to three major categories. So actually when we talk b2b, we actually don't have a single conversation but rather three conversation at the same time. Let me briefly recap them one by one. The first one is what we call the enrollment experience conversation. They usually something trigger by the chief marketing officer or adult digital it sounds like. Well we should delight our customers. So to improve retention and conversion. Conversion meaning from prospect to customers, that's kind of classic SIAM conversation. There's one more conversation which we call the extended team one and it goes with well head of digital or C O O O originated. And it is very much about, well we need to streamline the way we manage the ever increasing number of external user and gig workers. They outnumber three, four times the number of employee we're dealing with. So that's relevant in many ways for business flexibility and also for cost control.
Third conversation is very different. That's actually a C E L or maybe an enterprise architect conversation is around the contextual authorization. And that comes in place where you need now also to look at your application landscape and you need to maybe centralize and do a better job in the way we manage and enforce access and policies across your application portfolio now because of the extended set of constituents that are getting access to them. So each of those conversations have some specific capability behind. So for instance, when it comes to the enrollment experience conversation, that very much belongs to the notion of orchestration, orchestration of capability such as identity verification, authentication, profiling, notification, consent. Those are to be bound, to be bound together to deliver the user experience that we want to build for our consumer or business customers or constituents that we want to tackle.
So in this case, again the keywords is around orchestration and this is the closest to the original SIAM conversation in a way. Second one is the extended team. And that's very much about having one more business application to be provided. Our business customers with this time is a business application not to manage invoicing or stock or whatever, but rather to manage other people. But it's still a business application. It's not a technically flavored admin UI of any source. It's a business application for business user to manage identity access and delegation of identity and access management to other constituents. The third conversation, the centralized, the contextual authorization one as I said tends to be more technical and architectural and that's why I, I brought up an our architectural slide from a logical standpoint in the middle between the users and the web applications and services you deliver, there is a science solutions which captures identity relationship among them consent, okay?
And of course provide single sign-on at least single sign-on which is a very course grain go go, no go level of authorization. But if you want to go to the next level, you can actually add to this conversation one extra component which is the authorization engine which can either inject on the fly in the access token for those of you who are familiar with the, what I'm talking about in terms of technology jargon, the scope belonging to that, applications with minimal integration. So this is applicable to an application which is featuring the ability to be sensitive to claims or if I have code control of my application and I can manage the way authorization is enforced with that application, I can also use the central engine to query and get responses on authorization decision. So there are different degrees of integration of applicable depending on what kind of granularity I wanna reach in terms of authorization level.
I do realize this might be a bit too technical, but the key thing is that as Martin said, B2B stands out in terms of complexity. My way to say the same thing is that if you can do B2B A i m, you can do it all is the same thing. When we talk B2B with our customers, we usually have at least two of these three conversation. Any combination applies more frequently lately than ever before. The three of them are what constitutes the conversation surround B2B aam. So this kind of conversation though is still struggling because of the lack of a unified way to call them. So we are still in a day where what we are discussing even here today is can be defined as b2b aam or external user management or partner AAM and and so forth. I just collected a few of probably it's not even a, a complete list of the various way different providers are, are nominating sort of capabilities, okay?
So we still lack a single way to call it to understand each other in a, in an easier fashion. And that confusion is maybe also the reason why we still assist to different way for our, for selected customers to leverage this sort of capability. So I thought it would've been interesting to kind of recap what are common pattern that we assisted lately. So in this example here, I'm representing a company before going B2B so to speak. So still leveraging something they had before which is an I G A solution In this example here is an on-prem one, but doesn't matter if it was a cloud one, same, same story apply of course I G A was there because of managing internal users primarily. So HR fed in an automated onboarding fashion with an admin persona looking at them and provisioning users on the and managing users on the various on-prem and cloud applications.
It comes the day to deal and expand to business organization B2B customers or B2B entities meaning users and delegated manager there included more than one. So the first take very often the first intent is well we already have an I G A solution, let's use that for the job and doing so, okay, we can still open up to the delegated manager the ability to manage their user tool and to deliver them access that kind of approach. In our experience get rejected after a few months for a few core reasons. First of all because of course such an approach doesn't feature some of the core capability. They are very much relevant for a B2B conversation such as the presence of single syn, none. But also terms and condition acceptance, read consent on document and or attribute. Not to mention that the registration process is not provided by a GA solution.
So in this approach, too many things lacking it is deemed to to fail. It's deemed to be just a step one and longer journey. What is the step two? Step two is involving a science solution. I call it here for the purpose of this conversation, a generic science solution. Well things are already much better. Now I have in this example here that the users can be onboarded through a registration process. Cause that's what a science solutions provide. They can bring their own identity, maybe a national id, maybe social one and of course they can be signed on on the various application. This is much better. But there is still room for improvement. Why that? Because very often the delegation capability for those delegated manager are pretty well not business friendly. They are coming maybe from repurposing an admin UI and you can still fill it.
And that's a generator of help desk call from the the delegated manager. Most importantly because the creation of a new B2B entity managed within the system tends to be still a technical thing. Something that I need to call the IT office to make that happen. It's not something that a business user can do. They cannot say point and click, there's a new B2B entity I wanna deal with and Johns Smith is gonna be the delegated manager. Off you go. It's not that easy. And so that creates a limit in the flexibility of the solution. That is a yes. But of course there are native B2B science solutions which are in for the purpose of this representation and just to make things easier, adding one more business application, as I said, at least for delegation management, right? And make it easy for be through that. Also the point and click creation of new organization, new B2B entity and the ability to delegate in a downstream fashion to a nested notion of B2B entity among them.
So this to say that things change and we are assisting to more pattern tree, not rather than two and less and less one lately. But this is how it started. Cause again, there's been a lot of evolution over the last few years around this subject. And I like to close maybe with what my short version of the last 20 years on what this domain went through. So at the beginning was very much as I said before, digital transformation. They said b2, E focused AAM offering was very much about cost and compliance in, in inhouse. Then we realized later, and I'm among them, there is a totally different set of use cases when it comes to do consumer and customers to the point that there were different vendors doing b2, E and siam. Okay? Then later we realized that SIAM would see meaning customers or consumer was possibly the worst acronym ever.
Because to just talk consumer is limited. It is not just that. It's also B2B users and gig workers. So maybe we could have come up with something like external A I M rather than just Siam. But now finally and it just took, so to speak, 20 years we realize that we can safely bet on having a single solution that does it all. Okay? Which we call a conversion, meaning same solutions for addressing the spectrum of capability that ranging from the external to the internal in between the B2B can can serve the different use cases. So back to the question from where we started, I think that the answer to why is B2B different can now be answered. And the reason is that B2B is indeed standing out in terms of complexity because it also requires notion of organizational onboarding and delegation management and flavors of authorization management, which are on top the SIAM one, okay?
And different from the B two E ones. So question number two, do I need another solutions to deal with b2b? Well most likely you do though you might have already some Siam an I g A solution in-house. This would be my scenario number two before, if those solutions are featuring the right level of usability, then you are probably, you don't not, you don't need any, any specific solutions. Number three, are there solution that does it all? Well they are, and of course we claim to be among them and is that not a coincidence? Okay. Meaning that we learned that the hard way through mistakes that we are being, we have been doing before during the last few years and now fix the, since the changes in the evolution of the platform over the last five years, specifically devoted for b2 E use cases. Again, what we rebuilt was given that was driven by the mantra.
If you can do b2b well you can do it all closing from where we started. Again, digital transformation is why we're having this conversation in the first place. Identity as a big say in how to approach that. And the modern science solution is essential to help drive and accelerate that or maybe rather than a modern siam. Again, sticking with what I just said, a modern B2B A I M or SIAM or still lost in translation to be defined. Martin, help us with that. Let's find the name for what the subject should be called like, okay. With that, thank you very much for your attention and back to you Martin.
Thank you Marco. So we've been talking about some concepts, aspects and already how it has evolved and how to do that. And right now before we go through the q and a session, I quickly wanna launch the second poll. So we, we had one poll that talked about, looked at b2b, IM solutions for the second one. I'm curious to understand whether we have already have an established and structured process for supply chain risk management in your organization. So yes, but it's really more paper-based approach. So really more on the paper side or it's really based on IT solution or no, there's still a gap. So looking forward to your responses before we then shift forward to the q and a session.
And as usual, the more people participate, the better it is than the more valid the results are. So please go ahead. Thank you. So let's move forward to our q and a and we already have a couple of questions here for the q and a and so let's get started. And then maybe the first one is really primarily targeted to Marco. It's about what is the number of B2 P organizations and the relatively relative size of sort of B2B users in these organizations compared to to employees for instance, use you usually assess, assist with. So which organizations are looking at these challenges of these use cases?
Well, it, it vary. Okay, good question. So which organization in our experience are, again, my example was in banking and maybe I could have brought up an example in insurance because in our experience that where it would start, or at least where we started to the point that even, even these days we have quite a few insurance company, which are, which are dominating maybe our reference list, right? But this is still incidental, it's probably historical. So we assisted two customers in pretty much in, in, in retail, in in finance, in manufacturing. Yeah. And so there is no real any specific vertical that that is more relevant than others though in terms of relative size. These types of needs tends to be more perceived as such whenever you have a proliferation of many b2b, I mean if you just have two, three organizations you're dealing with and they're very static, you don't have that problem. Okay? You end up treating them as you define them in employee type b2 e constituents. Okay? Things tends to be more relevant and more and requiring a specific solutions when you enter the volatile set of constituent dealer brokers or, or, or this or agents right? Type of constituent. So that's why also my maybe tendency to look more at the goal to market part of the, of the conversation. So from the company to reaching the customers because that's where you have a more volatile side of business organizations involved. Yeah.
So, so maybe to add here, so what what we see is, I, I think there are really two factors impacting this. The one is the industry and, and there are different reasons. So some industries, so when you look at automotive vendors with all their suppliers, they, they already have some certain level of maturity also when it comes to some supply chain security aspects and managing identities, but still in most cases also some way to go in, in the, the, the finance industry we see the regulatory pressure being higher in this space. So this is really driving a lot in, in that space. And then we have others which have just very complex use cases. Interesting. You for instance, when you go to to some, some large healthcare institutions or which have some students in a lot of our externals or pharmaceuticals, then they have in tendency very complex use cases.
So they're again also regulatory by regulatory pressure are looking increasingly at how can I get better on this? And it's not that that you could say there's a, a silver bullet yet. I think there are solutions like, like the one market talked about that are coming to the market, helping the space. But it's definitely something which is still a journey for most organizations. And depending on the, the the, the level of regulations also the sort of the size for organizations it is a bit different. So the more regulation, the smaller, usually the organizations are that need to care for this. Okay. So we have a couple of more, couple more questions here. So with all these new identity flavors and moving to one uniform Im or digital identity solution, how would you arrange identification of identities, for example, to reduce duplicates also, what is the difference between an identity and an account in your strategy?
Oh, well I think that it doesn't change that much compared to what, for instance we're already familiar with in identity governance or light identity governance, you still have that dualism identity versus account. Those are two separate thing. Okay. And probably they should be kept as such, otherwise you inevitably end up having nasty side effect. Okay. If you don't have a clear distinction between the two. So I don't revise any significant difference introduced by the b2b, B2B specific use cases with respect to what, again, we already kind of matured with over the governance evolution days.
So, so, so in the past I remember we had some discussions also about personas, so to speak as a third one. So you have a persona that has different identities or a person that has different personas. So, so it ended up in a very esoteric discussions honestly regarding terminology. But basically the point is I marking ing or I could be take an insurance company example, I could be an employee that I insurance company, I could be a freelance broker for the insurance company and I could be a customer. So I could be in all three roles at the same time with different accounts. So I as a person would have three personas or identities with different accounts.
That is a good point. Did the other part of the question was about the identification? Identification. I think this is an interesting piece because what, what I expect to see is that we use more and more sort of remote verification approaches, maybe suit together with decentralized identity, but it would sort of go beyond our subject of today. But e even for the workforce, I think what what makes a huge difference nowadays is we have a lot of people that are employees that never have been in office of that organization. So they are closer to B2B identities sometimes when it comes to identification, isn't it Marco?
Yeah, indeed. But the, the way you answer the question now allow me to better understand probably what the original question was also about right? How do you deal with the same I identity maybe have a different hat, different personas, you said depending on maybe an individual session for a specific service I might be getting there for different reasons, right? Or maybe being a, I don't know, maybe in in one case an a power user in another way, an ordinary user. So depending on the context of authorization, depending what I required. So the reason why I'm bringing this up and now probably better understand what you mean with that is that it's indeed a fairly advanced requirement. But we got that already and I'm happy to report that we understand and we interpret that, that there is a per session level of authorization that you might have and you might be subject to depending on which resource on bi alpha, which other persona you're not getting access to. Okay. So that may be probably another flavor of the answer to the same question. The same individual can indeed have different access to the same resource in different ways depending on session specific context. Okay.
Another question I have here, you mentioned authorization management as part of b2b is that frequently asked for and isn't that assuming that the organization is primarily building its own applications?
Okay, well it's frequent. It's getting more fre more and more frequent. Okay. So that's the thing while delegation, which belongs to B2B, is about distributing the ability to manage people. So there is a notion of spreading out who can do what and making it closer to the beneficiary. Okay? The, the, the delegated manager on the authorization we assist to the opposite, we assist to a tendency to centralize to have a single place where I, where I manage them all. Okay, authorization meaning having policy, contextual information processing at runtime detected or depending on the identity relationship among identity et cetera, harmonized to make a authorization decision. So it's coming more and more frequent. Okay. Does it belong to B2B only? No, I think it's just made more relevant by B2B use cases but doesn't at all belong to B2B only. Okay. And it doesn't require strictly to have control of the code.
I think that question was also going, do I need to control the application, right? The the the application code. Yeah, of course if you have that you can make the decision to defer to a central policy decision point or your authorization decision. And this is a very advanced integration and very fine grain control that you can, you can have, but even in an application that you not have control with as soon as they are SAM or IDC compliant and so they are sensitive to claim, you can still control functionally central in an authorization engine what user I'm entitled to. Yeah. So there are different morals that would deserve a conversation and probably a webinar per se. Okay. To properly Yeah,
I I I think for policy based, yeah access control we can spend hours, yeah. I for instance the, to the keynote at our European identity conference. This here around my views on that. I think the point is you can use policies at many places and yes, the ideal would be if an application asks a policy system for authorization decision at a very fine grade level, but also for a indication for some more cost grain approaches. We are using policies and we are seeing increasingly increasing use of policies. There's a follow up question on that.
So how do you see access modeling for B2B and b2c? Is this more traditional APAC or is this really more attribute based access control? And maybe in the context of of of that is also as policy-based, access control is effectively used. So we know exactor Yeah, not that much, but what, for instance, what we see, on one hand we see a lot of policies at the authentication level. Okay. And we see a lot of policy use right now when organizations are starting to build a digital services when they rely on technology such as the policy agent. So we as as Analyst, we observer a very strong uptake here. What's your opinion on that?
Yeah, okay. Yeah, this is, that's a very good question. I can in the, it's really a blend in my experience. Again, role-based access control in B2B tends to be much lighter, much easier not struggling with the challenges or maybe the, the implications that have in in b2 e iga where you have role proliferation, explosion, anything. So sort of this, this doesn't happen in b2b so it tends to be, yes you have a catalog of roles cause there's discretionary access, multiple application involved, you wanna build roles but are not that many are a fairly limited set. Okay? So to that end airbag is among the requirement that should be fulfilled and helps in making, in talking the business language because that's what roles provide abstraction in terms of the way they're named. Okay? But there are just a few, that being said, the way they get delivered okay and assigned to different business constituents is very often policy or attribute based. So board applies, okay, so we're back again to the authorization conversation attribute. When you have that geography matters or other identity attribute presence decisions are made. So that's where AAC is also applicable. So I would say AAC applies much lighter than in traditional iga. Pbac and HABA applies as well. Different domains. Yeah,
No, no disagreement. And I think we already know what will be the next webinar topic we do together,
Isn't it? That would be a great one,
Yes. So much to talk about on that policy based. So Marco, we are done with the questions. So that means thank you very much to you. Thank you very much Thomas for supporting this webinar. Thank you very much for, for to everyone listening to this Google call webinar and joining us today. Hope to have you soon back at one of our upcoming our virtual events or physical events. Thank you.
Thank you.