The ForgeRock Approach to CIAM

Our recent big news is that the ForgeRock Identity Platform now features an interactive profile and privacy dashboard that will make it easier for you to come into compliance with the EU’s General Data Privacy Regulation. (Check out our demo to see how it works.) There are so many new capabilities built into the platform, however, that we weren’t able to fit everything into the press release, so let's talk about what's new with our customer identity and access management (CIAM) technology.

With ForgeRock, retailers, banks and other organizations can further support frictionless user experiences with real-time identity context that continuously assesses and optimizes the omnichannel experience throughout the user journey. In essence, we are advancing CIAM beyond current capabilities available in the market. ForgeRock customers will now be able to use features including fine-grained authentication (also known as push authentication decision trees) and authorization via push notifications to shape customer experiences through the evolution of a single online session (or over multiple sessions) based on digital identity. These capabilities will profoundly improve user experiences (UX), from passwordless authentication on first contact through to transaction consummation and fulfillment.

As digital devices and services have transformed countless industries and business models, the full promise of digital transformation has been held back by the lack of alternatives to conventional approaches to identity, access management, authorization, and security. Think about the customer-to-business relationship as it currently exists. Today, consumers are forced to punch in a username or password at login over and over again every day. Merchants and service providers have been able to personalize UX to an extent, but only on a limited number of factors. An administrator who wanted to alter a customer’s login journey if that user logged in from a Microsoft-based device vs. a Linux-based device was out of luck in most cases.

To the extent digital identity could be used to shape the UX, it was primarily through integration with marketing automation solutions. That’s the approach embraced by the identity vendors mentioned alongside ForgeRock as overall leaders in the KuppingerCole CIAM report. To be clear, ForgeRock sees integration with marketing automation platforms as a good thing. We believe, however, that the most effective approach to customizing the UX through CIAM demands a robust feature set that enables integration of identity end-to-end across the enterprise. These features include:

  • The ability to maintain a persistent identity throughout all touch-points, smart products, and services, with emphasis on being IoT identity enabled.
  • The ability to build upon a foundation using open standards.
  • An API-first model, putting consumers first with fine-grained access controls for their privacy and security settings.
  • Ability to integrate with legacy systems.
  • A hybrid implementation approach with the ability to deploy on premises or in the cloud.
  • Ability to leverage DevOps tools.
  • Extensive customization capabilities.
  • Ability to scale technologies to support IoT initiatives, which can encompass millions of identities for people, devices, and services.

With such capabilities incorporated into your digital identity infrastructure, it becomes possible to support a UX that caters to the customer based on signals and modes. Rather than having customers initiate an interaction through two-factor authentication, you can base authentication and authorizations on a limitless number of factors: location, biometrics, geo-velocity, risk score, profile data, network, purchase history, and countless others. Fine-grained authentication provides more flexibility, administrative control, and increased security by enabling organizations to continuously evaluate the most appropriate authentication experience for end-users and consumers, based on their needs. With the authentication journey broken down into signals, a more transparent login experience results, with increased choice and less friction for end users.

The ForgeRock Identity Platform is the first offering on the market that allows you to model relationships across users, devices, things, and cloud/microservices. We’re the only identity solutions provider to eliminate ballooning identity / IoT fragmentation through a common relationship model. To support IoT business cases with competing offerings, you effectively need to build separate systems for user identity, thing identity, and cloud/microservice identity – setting up a potential IT management nightmare if / when you need to scale to support millions of users and things. Additionally, how can you support dynamically changing user experiences based on constant assessment of contextual signals when you’ve got identities siloed in this way?

Essentially, most vendors in the space are approaching CIAM with offerings built on legacy identity technology originally designed for internal organizational use cases, usually for managing employee access to systems and data. But you can't really claim customer identity if you don’t have the ability to integrate identity into your end-user products and services with integration across the organization. ForgeRock customers are showing that they can do exactly that: Bose with identity-enabled headphones and speakers, Toyota with connected cars, the BBC with set-top boxes, Amer Sports with basketballs and exercise equipment, and so forth.

With the launch of the latest ForgeRock Identity Platform, organizations deploying devices and services to the IoT now have a comprehensive CIAM solution that provides digital identity across any relationship model, and for any dynamically changing user experience. The importance of privacy and security to the successful rollout of IoT devices and services cannot be overstated, and these are the trends that are also fueling the growing demand for CIAM solutions. If your connected car can be easily hacked and taken over by a bad actor through a stolen password, how safe is it to operate that car? Not safe at all, it goes without saying. The same dynamic holds for smart home systems and industrial IoT. Multifactor authentication based on signals and decision trees will necessarily take on ever-growing importance in the years ahead.

As we continue to push the digital identity envelope in the months ahead, keep this in mind: ForgeRock’s approach to CIAM – crucially built on a common approach for modeling relationships across users, devices, things, and cloud/microservices, and with hybrid deployment options – is the only one expressly designed for the IoT. As more and more businesses press forward with digital transformation strategies and engage IoT business models, we believe that difference is going to matter. A lot.