Consumer IAM application scenario
IAM Increases Sales through your Online Store
Consumer Identity & Access Management technologies enable social login and mobile login, which simplify the registration and authentication processes for visitors to your website. With our help, you can offer customers options for quick access to your site, while keeping the site secure and simple to use.
NOTE: iC Consult has enjoyed the confidence of many Global 500 companies for years. The projects we support and implement are of strategic value to our customers, both for security reasons and as a business driver. For confidentiality reasons, all use cases shown here are anonymized and obfuscated. But the individual elements of the solutions are real and used by several of our customers and reflect our project experience.
Customer and Objectives
ACME is a global retail company, with approximately 20 million registered customers on their site. Its products are sold under various brand names through an e-commerce store hosted in the cloud. The company uses several internally developed web applications and mobile apps.
By simplifying registration and login using social media and mobile login, ACME wanted to get more information about the website visitors and increase the conversion rate.
In addition, the application integration effort needed to be minimal while addressing large legal and internal data protection requirements.
Given the company’s expertise in access management, iC Consult was entrusted with the selection and implementation of the software. We took over the role of lead architect and managed the project from architectural design to implementation and commissioning.
Task and challenge
Under the old model, customers had to create a accounts and login separately to each application. Because of these obstacles in registration and authentication ACME had visitor information only in an anonymous and isolated form. It was impossible to consolidate the data across sessions, applications and devices. But only a comprehensive, 360-degree view of the customer would have allowed the company to offer personalized discounts, premium services and similar benefits.
Due to lack of centralized services, authentication, registration, and account self-services, had to be implemented separately in each application. A single sign-on between applications was not available. The distributed implementation of the login process - both for in-house as for cloud-hosted applications – made the enforcement of compliance of the coding guidelines and of the customer account data handling difficult for the company. The web service interface deployed for applications was inadequately secured against cyber crime.
ACME was looking for a solution for centralized authentication and cross-domain single sign-on allowing quick, easy and secure integration of web applications in a heterogeneous environment.
ACME also wanted cloud identity providers like Facebook, Twitter to provide the data for initial registration and to simplify the login.
The solution needed to be flexible, extensible, and lightweight, to enable a quick response to new requirements in the dynamic retailer environment.
Solution and Implementation
iC Consult implemented a streamlined and scalable solution for cloud SSO, social media login and mobile apps. A stand-alone federation server based on open standards was used, which blended seamlessly into the existing environment and integrated quickly with identity providers (Facebook, Twitter, and OpenID-enabled services as Google and Yahoo) on one side and service provider applications on the other.
A portal that externalized the login and registration process from the applications was implemented and deployed.
Moreover, iC Consult developed the necessary custom code that was integrated using the plug-in interfaces with the federation product and over a web service interface with the CRM database.
To facilitate the use of the OAuth interface for developers of mobile apps, a software development kit (SDK ) for iOS and Android was implemented, which encapsulates the details of the protocol.
Results and benefits
The possibility to login with Facebook, Twitter, Google and Yahoo has increased the number of registered and authenticated users and reduced the number of failed logins due to forgotten passwords.
The social networks integration promotes "social sharing " and thus forms a basis for viral marketing campaigns.
With full control over the implementation of the registration process and external access control, the risks concerning data privacy and security have significantly decreased.
The audit log collected in a central database helps additionally to detect attempted attacks early, and to make all transactions traceable.
By outsourcing the security code from the applications, the release- to-market time for new developments could be shortened.