ݺߣ

ݺߣShare a Scribd company logo

Identiverse 2021- Personalization of the Identity Experience—Why It's the Future and Why It Just Makes Sense

Download as PPTX, PDF
Mark Perry
Mark Perry

Mark Perry's presentation from Identiverse 2021. Covers how personalised identity experience (registration, account management, credential creation and management, authorisation, etc.) have a major effect on the usability and usage of digital properties and services.

1 of 20
Download to read offline
JUNE 2021 Personalization of the Identity Experience MARK PERRY Chief Customer Officer Biza.io Why It's the Future & Why It Just Makes Sense
JUNE 2021 About Me •Currently at Biza.io, leaders in Open Banking and the Australian Consumer Data Right •Formerly APJ CTO at Ping Identity •30+ years in technology •Previous companies also include : •Sun Microsystems •Netscape •Oracle •IBM •Based in Melbourne, Australia Loves Australian Rules Football (Go Tiges!), single malt whisky, golf
JUNE 2021 Where are we now? Identity Security is key to customer and employee experience
JUNE 2021 but … Never-ending Tug of War Between Security and Usability Breaches/ Identity Theft Unsympathetic UX Orgs slow to adopt new technology
JUNE 2021 • Increased friction for the user • Created the need to learn new authentication ceremonies • Raised worries about credential and data storage • Made it difficult for developers, leading to “one size fits all” • Left many behind as things have become more complex Previous Efforts Have
JUNE 2021 We have the solutions… We need to retire old ways of thinking and deliver what customers need — all of them
JUNE 2021 This has a real effect on customer behavior e.g. Consumer Survey from 2019 60% of people blame poor identity experience for not completing their purchases
JUNE 2021 How to advance the use of modern Identity Security? Personalized Identity Experiences Consider delivering To create delighted customers, happy executives, and smug contented identity security professionals
JUNE 2021 Allowing the end user to select (and change) their desired security experience. What does personalization mean? It may be due to: • Capability or ability • Localised issues • Device Limitations • Customer Expectations Not just the user selecting their favorite authentication method.
JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning How can we deliver personalized IX? Keep onboarding as simple as possible.
JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need.
JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them.
JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication • Authorization How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them. Use fine-grained authorization.
JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication • Authorization • Consent How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them. Use fine-grained authorization. Enable fine-grained consent. Expose consents to the user.
JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication • Authorization • Consent • Self-Service How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them. Use fine-grained authorization. Enable fine-grained consent. Expose consents to the user. Be open with what you store and why. Give the customer control.
JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication • Authorization • Consent • Self-Service • De-provisioning How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them. Use fine-grained authorization. Enable fine-grained consent. Expose consents to the user. Be open with what you store and why. Give the customer control. Honor the right to be forgotten.
JUNE 2021 Static policies and rules need to be augmented by dynamic decision making What Else is Needed? • Take in signals from the continuous evaluation of user behavior during the session • Inform authentication and authorization decisions • Enable personalised, fine-grained experiences for users Machine Learning offers the ability to respond to new threats without manual interaction
JUNE 2021 Personalized Authentication Example Australian Stock Trading App Flow • Register account • Confirm email address • Recommend MFA (PIN &/or FaceID) • Enrol MFA • Request additional profile data Note all authentication options displayed on the login screen
JUNE 2021 What We Can Do • Consider how personalized identity experiences can differentiate your brand • Sell the benefits to colleagues, developers, executives • Offer options for authentication and ditch the “lowest common denominator” • Follow the open standards that provide pieces of the platform • OpenID Connect • Client Initiated Backchannel Authentication • Rich Authorization Requests • WebAuthn • And wrap it in Machine Learning to help remove static rules and decisions
JUNE 2021 Thank You! For More Information & To Connect @markperryau mark@markperryid.com markperryid.com

More Related Content

Identiverse 2021- Personalization of the Identity Experience—Why It's the Future and Why It Just Makes Sense

  • 1. JUNE 2021 Personalization of the Identity Experience MARK PERRY Chief Customer Officer Biza.io Why It's the Future & Why It Just Makes Sense
  • 2. JUNE 2021 About Me •Currently at Biza.io, leaders in Open Banking and the Australian Consumer Data Right •Formerly APJ CTO at Ping Identity •30+ years in technology •Previous companies also include : •Sun Microsystems •Netscape •Oracle •IBM •Based in Melbourne, Australia Loves Australian Rules Football (Go Tiges!), single malt whisky, golf
  • 3. JUNE 2021 Where are we now? Identity Security is key to customer and employee experience
  • 4. JUNE 2021 but … Never-ending Tug of War Between Security and Usability Breaches/ Identity Theft Unsympathetic UX Orgs slow to adopt new technology
  • 5. JUNE 2021 • Increased friction for the user • Created the need to learn new authentication ceremonies • Raised worries about credential and data storage • Made it difficult for developers, leading to “one size fits all” • Left many behind as things have become more complex Previous Efforts Have
  • 6. JUNE 2021 We have the solutions… We need to retire old ways of thinking and deliver what customers need — all of them
  • 7. JUNE 2021 This has a real effect on customer behavior e.g. Consumer Survey from 2019 60% of people blame poor identity experience for not completing their purchases
  • 8. JUNE 2021 How to advance the use of modern Identity Security? Personalized Identity Experiences Consider delivering To create delighted customers, happy executives, and smug contented identity security professionals
  • 9. JUNE 2021 Allowing the end user to select (and change) their desired security experience. What does personalization mean? It may be due to: • Capability or ability • Localised issues • Device Limitations • Customer Expectations Not just the user selecting their favorite authentication method.
  • 10. JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning How can we deliver personalized IX? Keep onboarding as simple as possible.
  • 11. JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need.
  • 12. JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them.
  • 13. JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication • Authorization How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them. Use fine-grained authorization.
  • 14. JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication • Authorization • Consent How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them. Use fine-grained authorization. Enable fine-grained consent. Expose consents to the user.
  • 15. JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication • Authorization • Consent • Self-Service How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them. Use fine-grained authorization. Enable fine-grained consent. Expose consents to the user. Be open with what you store and why. Give the customer control.
  • 16. JUNE 2021 Let’s review the usual identity security processes • Registration/Provisioning • Profile/Credential creation • Authentication • Authorization • Consent • Self-Service • De-provisioning How can we deliver personalized IX? Keep onboarding as simple as possible. Don’t ask for things you might need. Allow multiple authentication methods. Make it simple to enrol and use them. Use fine-grained authorization. Enable fine-grained consent. Expose consents to the user. Be open with what you store and why. Give the customer control. Honor the right to be forgotten.
  • 17. JUNE 2021 Static policies and rules need to be augmented by dynamic decision making What Else is Needed? • Take in signals from the continuous evaluation of user behavior during the session • Inform authentication and authorization decisions • Enable personalised, fine-grained experiences for users Machine Learning offers the ability to respond to new threats without manual interaction
  • 18. JUNE 2021 Personalized Authentication Example Australian Stock Trading App Flow • Register account • Confirm email address • Recommend MFA (PIN &/or FaceID) • Enrol MFA • Request additional profile data Note all authentication options displayed on the login screen
  • 19. JUNE 2021 What We Can Do • Consider how personalized identity experiences can differentiate your brand • Sell the benefits to colleagues, developers, executives • Offer options for authentication and ditch the “lowest common denominator” • Follow the open standards that provide pieces of the platform • OpenID Connect • Client Initiated Backchannel Authentication • Rich Authorization Requests • WebAuthn • And wrap it in Machine Learning to help remove static rules and decisions
  • 20. JUNE 2021 Thank You! For More Information & To Connect @markperryau mark@markperryid.com markperryid.com