On October 3, we published a blog post entitled "Harness the Power of Your Identity Data." In that post, we outlined the role that identity and access management (IAM) plays in delivering the kind of digital experiences that are key to meeting customer acquisition, engagement, and retention targets.
We also covered the challenge of delivering the right experience with the right security to various identities with differing needs — business partners, suppliers, employees, contractors, devices, and diverse populations of customers — often engaging with separate brands or lines of business under the same corporate umbrella. And we introduced the secret to providing tailored experiences to these identities: tapping into your identity data.
In this post, we'll outline two specific steps you can take to reach your business goals using your identity data. There is a third step, which we will detail in the next post in this series.
Step 1: Connect and centrally manage your identity data sources
So much of the identity data needed to fuel your business growth already exists. It's out there, and you might even know where to find most of it. But the trick is to be able to pull together just the right pieces from a variety of what we call authoritative sources, at just the right time. That's why the first step to harnessing the power of your identity data is to connect to your data sources in a way that gives you a single view of all identity data. In the ForgeRock Identity Cloud, we call this Lifecycle Management, or LCM.
LCM gives you the power to connect to all different kinds of siloed data. This data usually resides in identity directory servers and an array of databases associated with specific applications throughout your organization. Once connected, you can create a composite, single view of your customers and all of your other managed identities. This single view can give you new insights into the same customers with different account names across brands or lines of business — and give you a new level of situational awareness that can provide critical inputs to enhance security.
In addition to connecting to all of your data sources, LCM empowers you to centrally manage all of your identities, which gives you the ability to pull identity data in from multiple sources and combine the data in any way you need. Then, you can provision and manage the ongoing lifecycle of your identity information with the source systems and any other downstream systems or applications.
Step 2: Enable a business-centric model
Now that you're centrally managing all of your identity data, you can start to mold it into the shape of your business. This is where things get really exciting, because you can organize your identity data around your business use cases, not the other way around.
With ForgeRock's relationship model, you can design how your identities are organized. Instead of trying to force-fit disparate identity data into a single, rigid hierarchy, you can now create different identity objects that are purpose-built for each identity type.
Think of the different types of identity attributes you'd need to manage for your employees vs. your customers vs. a set of IoT devices.
Like tabs in a spreadsheet, or tables in a database, you can arrange your identities in a way that makes sense for you. Let's continue with the spreadsheet analogy for a moment. Why do you create different tabs? Why not just put everything into a single sheet? Probably because it makes more sense to manage some related data in the columns of Tab A, and others in Tabs B, C, and so on. Think of each new tab as a way to distinctly manage different identity types more efficiently. And there's just one more piece of this spreadsheet analogy to bring this point home: the pivot table! But first, let's set the context by looking at an access management scenario.
Let's say you're a large retail enterprise with multiple brands, and at least one brand is from a recent acquisition. As the user begins the login process, your access manager makes a request to your identity manager. Based on the context, your identity manager looks at the relationships between the user and the associated brand, and returns a set of data parameters that empower you to give that user a tailored experience in accordance with the guidelines of that specific brand. Wow. That was great. But what made it possible lies in our pivot table analogy, so let's get back to it.
Why do you create a pivot table in a spreadsheet? Because you need a view that combines data from different tabs to serve a specific purpose. This is what happened with our brand login experience. The access manager made a request to the identity manager. And the identity manager was able to use the relationship between the user's main identity "tab" and the related brand "tab" to return the data points that the access management system needed to orchestrate a specific brand experience for that user.
Here's another example: maybe one of your business partners or suppliers has access to one of your systems. You require that partners use MFA as part of authentication, but your partners cannot require their employees to use a personal mobile device as an MFA second factor, so they have opted to receive one-time passcodes by email as the second factor. When your partner's user initiates a login to your system, your identity manager follows the relationship from that user's identity record to their affiliated organization (a different tab in the spreadsheet) and provides that data to the access manager, which selects a login journey that sends and validates a one-time passcode after the password has been correctly entered.
These are just two examples of many. Once you've enabled your business-centric identity model, you can ensure that each customer of each brand, each partner, each contractor, and so on gets the tailored experience and security required.
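A minimal sketch of the relationship lookup behind the brand and partner scenarios above, added here as an illustration and not ForgeRock code: the object store, the `type/id` reference format, the journey names, and `login_context` are all hypothetical. It also covers the case the prose leaves out, a missing or broken relationship, which resolves to a refusal rather than a weaker login journey.

```python
# Constructed sample data: one object type per "tab", linked by "type/id" references.
OBJECTS = {
    "user/alice": {"type": "customer", "brands": ["brand/outdoor"]},
    "user/bob": {"type": "partner", "org": "org/acme-supply"},
    "user/carol": {"type": "partner", "org": "org/deleted-co"},  # dangling reference
    "org/acme-supply": {"second_factor": "email_otp"},
    "brand/outdoor": {"theme": "outdoor-green", "second_factor": None},
}
ALLOWED_FACTORS = {"email_otp", "totp", "push"}  # hypothetical journey building blocks
REFUSE = {"journey": "deny", "theme": "default"}


def follow(ref):
    """Resolve a relationship reference; returns None if the target is missing."""
    return OBJECTS.get(ref) if ref else None


def login_context(user_ref, requested_brand=None):
    """Data a (hypothetical) identity manager returns to the access manager."""
    user = follow(user_ref)
    if user is None:
        return dict(REFUSE)
    if user["type"] == "partner":
        # Partners must use MFA; the factor comes from the related organization.
        org = follow(user.get("org"))
        factor = org.get("second_factor") if org else None
        if factor not in ALLOWED_FACTORS:
            return dict(REFUSE)  # broken relationship never downgrades to password-only
        return {"journey": f"password+{factor}", "theme": "partner-portal"}
    # Customers: the brand must be one the user is actually related to.
    # Assumption: an unrelated or unknown brand is refused, not given a default.
    if requested_brand not in user.get("brands", []):
        return dict(REFUSE)
    brand = follow(requested_brand)
    if brand is None:
        return dict(REFUSE)
    factor = brand.get("second_factor")
    if factor is not None and factor not in ALLOWED_FACTORS:
        return dict(REFUSE)
    journey = f"password+{factor}" if factor else "password"
    return {"journey": journey, "theme": brand["theme"]}
```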
Learn more in a webinar with Forrester
Be sure to check out our webinar featuring ForgeRock experts with a guest analyst from Forrester. It's titled "Harness the Power of Your Identity Data" and it's available now on demand.