Professional Documents
Culture Documents
Customer Engagement Sso Ebook 3005
Customer Engagement Sso Ebook 3005
CUSTOMER
ENGAGEMENT
STARTS WITH
SINGLE SIGN-ON
(BUT IT DOESN’T END THERE)
03 ANSWERING HIGH EXPECTATIONS WITH
CUSTOMER SSO
15 STEP-UP AUTHENTICATION
Authentication is an easy place to fall short, since your customers have to sign on and authenticate
every time they interact with your digital properties. If a customer has to create and remember
multiple login credentials to access the various channels, applications or services you offer, they’ll
quickly get frustrated.
Many companies begin their customer identity and access management (customer IAM or CIAM)
journey by providing single-sign on (SSO). Single sign-on is a great first step and critical to making
your customers’ authentication experience as convenient as possible. But SSO is just one small
piece of the puzzle.
Your enterprise will likely outgrow the need to only provide SSO to in-house applications. As you
integrate with more and more internal and third-party apps, you’ll quickly find that managing
access on your own is no longer realistic and hinders your speed to market.
Implementing a federated SSO solution allows you to accelerate new offerings, while also
delivering consistent and secure experiences to your customers. The Ping Identity Platform
does this and more with its standards-based, customer IAM platform.
SSO DRIVES CUSTOMER EXPERIENCE & REVENUE FASTER TIME TO MARKET FOLLOWING M&A
Eliminating the need for repeated user sign-ons is one of the top reasons to implement ACTIVITY
a customer IAM platform. SSO increases user satisfaction and enhances security Many Ping Identity customers mention the ability to more quickly deploy revenue-
by eliminating password sprawl. It can also have a direct impact on improving the generating applications following mergers and acquisitions. One customer says:
customer experience and driving revenue, according to Ping Identity Platform users.
“If we have an application serviced by an external
third party, we can integrate the application using
INCREMENTAL REVENUE FROM IMPROVED
CUSTOMER ENROLLMENT RATES Ping, so the customer never knows that there’s a third
The Ping Identity Platform offers federated SSO, as well as many other customer- party involved, and the interface has the look and feel
specific identity management capabilities. Leading enterprises praise its ability
consistent with the rest of our website. This would be
to enable more seamless enrollment into customer-facing applications. One Ping
extremely challenging to do in-house on our own.”
customer explains:
Several customers called out the ability to quickly integrate and then white-
“We’re a diversified company and have certain applications
label applications with revenue impact as a notable benefit of the Ping Identity
for which it would be unacceptable for the customer to fill out Platform. For example, an enterprise can align with a business partner to offer
their information every time they wanted to initiate access to services under a revenue-sharing arrangement, while maintaining its branding
Other customers noted that integrating customer enrollment applications enabled them
to decrease their sales cycle.
In this age when customer experience is king, customer IAM is critical. If your customers
can’t easily register, sign on for services or conduct transactions, then it really doesn’t matter
how your website, mobile app, services or support channels are built. And if your customers
aren’t satisfied with their interactions with your brand across channels, they can and will
move on to your competition.
If there’s one thing customers hate it’s managing passwords. The fatigue of trying to
remember dozens of login credentials can lead customers to write passwords down, reuse
passwords across multiple sites and take part in other insecure practices. Aside from this
all-too-common reality, relying on passwords alone can also increase your abandonment
rates, leading to lost revenue. There’s a real possibility your customers may not complete
transactions if they can’t remember their login password. Or they may not register at all if
they don’t want to create yet another password they’ll have to remember.
This is where federated SSO really shines. It plays a critical role in delivering a seamless
authentication experience across all of your digital properties. It can even include features
like social login that allow your customers to leverage their credentials from sites like
Facebook and Google. Providing these capabilities for your customers speaks volumes.
It says you want to make things simple, convenient and secure. That makes for happy
customers.
On the other hand, not investing in customer IAM and federated SSO can jeopardize your
relationship with your customers. Their tolerance for clunky, disjointed experiences is
dwindling as more and more companies—including your competitors—are providing the
seamless experiences customers expect. By not providing federated SSO, you may be
sending the unintended message that the customer experience isn’t important to you and
unwittingly aiding those same competitors.
Identity federation standards are an essential part of implementing scalable and secure SAML
federated identity across an organization. Not only do they reduce the integration efforts SAML is an open XML standard for exchanging authentication and authorization of
between multiple organizations when sharing applications and data, but they also bring data between an identity provider and a service provider. It enables federation so that
security to any device, browser or client that’s accessing information from applications. For organizations can safely share identity information across domains.
this reason, embracing standards is also key to reducing time-to-market for new applications.
OAUTH 2.0
Each standard uses a different approach to sharing and managing customer identity data, OAuth 2.0 is the industry-leading standard for enabling access to APIs. Simply put, it’s a
scopes, credentials and more. So your CIAM solution should provide support for multiple standard framework that allows an application to securely access resources on behalf of the
standards, including: user without requiring their password. This open authorization also lets the user understand
what kinds of access and information the application is requesting, and then provide consent.
SCIM
The System for Cross-domain Identity Management was developed in 2011, using OPENID CONNECT
modern protocols like REST and JSON in order to reduce complexity and provide a more OpenID Connect adds an identity layer to OAuth 2.0 and simplifies existing federation
straightforward approach to user management. The adoption of SCIM allows easier, more specifications. It enables identity federation, as well as delegated authorization, and it
powerful and standardized communication between identity data stores. includes other features and mechanisms that enhance dynamic interoperability.
When addressing customer experience, you must consider the WORLDWIDE MOBILE APP REVENUES IN 2015, 2016 AND 2020
mobile experience, too. Customers expect to do more and more (IN BILLION U.S. DOLLARS)
with their mobile devices—including making purchases and
other revenue-generating activities. They don’t want to fuss with
remembering passwords and won’t tolerate clunky login procedures.
And regardless of how many separate development teams it took
you to develop your mobile app and other digital properties, your
customers expect their authentication experiences to be consistent
across all of them.
To be relevant in a mobile channel requires speed. People
immediately reach for their phones when they want something and
expect immediate gratification. If you provide a fluid, seamless and
secure user experience with SSO, customer engagement is yours
for the taking. But if your mobile authentication experience is poor
or different from that of your other channels, your customers won’t
stick around. It’s that simple.
High-profile retailers, like Wawa, Starbucks and Chick-fil-A, say that Source: Statista
the SSO capability in their customer IAM solutions is critical to
providing a good mobile experience and driving increased customer
engagement. These leaders are paving the way with best practices
for SSO mobility.
Before they launched their mobile app, Wawa had primarily one-sided communication
with its customers. As a top convenience retailer, Wawa worked hard to ensure that
convenience translated to its mobile application; multiple sign-ons were not an option.
While the initial rollout goal was 350,000 users, the end goal is 2 million fully engaged
mobile customers.
WAWA: A (MOBILE) CUSTOMER SSO SUCCESS
Wawa is a 100-year-old, $9.3 billion convenience store retailer on the East Coast who “We needed to make sure there was a simple authentication method, basically some
decided to meet its customers where they are—on the road in search of gasoline and sort of user ID and password, with [federated] tokens, so users don’t have to always
snacks. Eric Barnes, Wawa’s applications manager, says that customers had been sign on to the app,” says Barnes. “For example, if a user just wants to jump on to
asking for a loyalty program and a more convenient way to pay for purchases. find a store location, no sign-on is necessary. But if they want to add a credit card or
A mobile app was just the ticket, but it had to be easy to use. change information in their profile, there’s a secure yet seamless method for that. As
consumers use all the different features, they are constantly authenticated back within
the application.”
“We have a very strong customer following. With
mobile engagement, we wanted to interact with The user has one set of credentials and signs on to the app just once. But on the
back end, the CIAM solution manages multiple credentials, including those from third
customers on a more personal level and give them
parties, like Wawa’s loyalty program provider.
more capabilities, including the ability to check
gas prices and find the nearest Wawa.” “We have ease of use, single sign-on for the front end of the customer. And it’s very
- ERIC BARNES, Wawa Application Manager fast in responding,” says Barnes. “For Wawa, customer SSO is the very foundation of
an engaging mobile experience.”
STEP-UP AUTHENTICATION BALANCES SECURITY Furthermore, authenticating via SMS has been deemed insecure by the National
WITH CONVENIENCE Institute of Standards and Technology (NIST), as SMS messages can easily be
Multi-factor authentication (MFA) and federated SSO go hand-in-hand in delivering an intercepted by hackers.
optimal user experience. To provide the simplest experience with the least amount of
friction, many leading digital businesses utilize social login or require a username and When providing MFA for customers, it’s most desirable to offer a solution embedded
password as a first means of authentication. This is a great entry point for access to low- into your own mobile application. This is not only secure and on brand, but it also adds
risk applications, services and activities. value to your mobile app by turning it into a secure additional factor. Going a step
As the customer moves along their journey, adaptive authentication offers a way to helps to mitigate risk without inconveniencing customers, providing the optimal
evaluate the risk associated with additional interactions and step up authentication only balance between security and customer experience.
Selecting what MFA method/s to offer is an important decision. For customers, standard
MFA simply won’t work. Customers aren’t willing to download a third-party MFA application.
As crucial as SSO is to your customer experience, it’s only the first step. Your customer expectations for a secure and
seamless experience extend well beyond their initial sign on.
If your customers update a preference or detail on one channel, they expect it to apply or be accessible to any other
channel. You accomplish this through a unified customer profile. Purpose-built customer IAM solutions can work
with your enterprise’s existing infrastructure to help you create a secure, scalable unified profile through bidirectional
synchronizations and migrations of your existing customer data.
Your customer data also needs to be secured from authentication to the data layer. You must provide a convenient and
secure MFA solution for customers that doesn’t require them to download a third-party app, because they usually won’t.
You must also secure access to resources, encrypting customer data end to end and providing other security capabilities
to protect your customer data and prevent breaches.
Aside from allowing you to deliver an exceptional customer experience, CIAM facilitates your ability to meet the
requirements of increasingly diverse privacy regulations. A modern solution will provide attribute-by-attribute data access
governance, enforcing customer consent and giving customers control over and insight into who their data is being
shared with. It will also be flexible to address the scale and performance requirements needed to support thousands or
millions of users, while providing the flexibility to support changing and unpredictable user behaviors.
All of these customer IAM capabilities are critical for today’s customer-facing enterprises and can help ensure your
competitive advantage for years to come. To learn more about CIAM solutions, read our Ultimate Guide to Customer IAM.
Ping Identity envisions a digital world powered by identity. As the identity security company, we simplify how the world’s largest organizations prevent security breaches, increase employee and partner productivity and provide personalized
customer experiences. Enterprises choose Ping for our identity expertise, open standards leadership, partnership with companies like Microsoft, Amazon and Google, and collaboration with customers like Boeing, Cisco, Disney, GE, Kraft Foods,
Walgreens and over half of the Fortune 100. Visit pingidentity.com.