Personas are a great way to make user administration of an Identity and Access Management (IAM) solution less complicated. But as TrustBuilder CTO Carlo Schüpp explained during a recent Digital Identity Meetup, personas also come in handy when securing the digital ecosystems that many companies are currently building. Below is a short recap of his talk, but we advise you to view the recording of that Meetup here.
Carlo kicked off his presentation with a walk down memory lane, back to when Enterprise IAM and Consumer IAM were completely separate things. There was a time when Consumer IAM (CIAM for short) was not even considered interesting by analysts. They viewed CIAM as a mere marketing tool for profiling customers that had nothing to do with security. Security for CIAM was fairly simple: if you had an account, you could go through; with no account, you couldn’t.
Times change, however, and paradigms shift. Consumer IAM has morphed into Customer IAM and is now regarded differently. As mobile access has become more popular and remote work has increased, the introduction of cloud applications has made the security perimeter vanish to make way for zero trust security. This situation is not helped by the fact that different users (employees, contractors, business partners, consumers…) are accessing the same applications and that people switch employers and job positions more frequently than ever. The resulting role explosion and account explosion create a major admin nightmare.
One user profile per person
This is where personas come in. A persona stands for the relation that you have with a certain company or with the services of that company. In any organization, users can take on many personas: as an employee, as a retail customer, as an authorized signatory… In a university, a person can be a professor, teaching courses. But that same person can also be a student, taking a course with a colleague. A dentist treats patients, but will occasionally also be a patient herself when she needs dental care. If your IAM solution creates multiple accounts per person, the system becomes very complex for the sysadmins and for the users themselves. The core of TrustBuilder’s persona philosophy is that you only have one user profile per person, no matter what role that person plays.
The concept of personas makes life easy on the user and on the sysadmin:
- Management of user profiles becomes less cumbersome. The number of user profiles equals the number of people. Without personas, the number of accounts will multiply.
- When a person switches jobs, you no longer need to deactivate the entire user profile; you only deactivate the persona associated with that job.
- Users understand personas: they know when they are acting as a consumer and when they take the employee or business partner persona. By using personas, they don’t need to use multiple accounts with separate sets of credentials. All they need to do is switch personas.
- Using personas makes it easier to delegate administration to someone else, for instance when a team leader needs to delegate his authority to a team member during his holiday.
- Personas allow for easier administration by users themselves, or by business partners. This is very handy, for instance, for HR services companies that can let their customers perform a lot of the administration themselves.
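A minimal sketch of the one-profile, many-personas model described above, added here as an illustration and not TrustBuilder's code. The class names, field names, people and services are all hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass
class Persona:
    name: str                           # hypothetical, e.g. "dentist", "patient"
    services: set                       # services reachable under this persona
    active: bool = True
    delegated_by: Optional[str] = None  # who delegated it, kept for audit
    expires: Optional[date] = None      # delegations are time-boxed

@dataclass
class Profile:
    person: str                         # exactly one profile per person
    personas: dict = field(default_factory=dict)

    def add(self, persona):
        self.personas[persona.name] = persona

    def deactivate(self, name):
        # Job change: switch off one persona; profile and other personas stay.
        self.personas[name].active = False

    def can_access(self, selected, service, today):
        # Decide on the persona selected for this session only, never on the
        # union of everything the person holds.
        p = self.personas.get(selected)
        if p is None or not p.active:
            return False
        if p.expires is not None and today > p.expires:
            return False
        return service in p.services

def delegate(owner, persona_name, to, until):
    # Hand a persona to another profile with an expiry date and an audit link.
    src = owner.personas[persona_name]
    if not src.active:
        raise ValueError("cannot delegate an inactive persona")
    to.add(Persona(src.name, set(src.services), delegated_by=owner.person, expires=until))

if __name__ == "__main__":
    # Constructed sample data.
    dana = Profile("dana")
    dana.add(Persona("dentist", {"patient_records"}))
    dana.add(Persona("patient", {"appointments"}))
    day = date(2024, 7, 1)
    print(dana.can_access("patient", "patient_records", day))   # persona lacks it
    dana.deactivate("dentist")
    print(dana.can_access("patient", "appointments", day))      # still works
```

Checking access against the selected persona rather than the sum of a person's personas is what keeps a single profile from turning into a single over-privileged account.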
Protecting digital ecosystems
Besides resolving headaches on the enterprise side, using personas also opens up opportunities on the commercial side. As more companies are offering third-party services from business partners to their customers, and are building digital ecosystems, they can actually allow those business partners to administer access for their own staff. This means people will only get one profile. Depending on the persona they select, they will get access to different services, but moving from one service to another will be seamless. That’s what we call ecosystem security at TrustBuilder. In an ecosystem, people assume different roles, but they only get one user profile and use the persona they need to access specific services. This enhances customer experience and increases security.
Watch the recording of the Digital Identity Meetup to see Carlo Schüpp explain all the ins and outs of personas.
And do register for our next webinar on how to prevent role explosion, using personas.