
2019 | Building a Modern Customer Identity Architecture | Identiverse | Day 2, June 26


This session will highlight the key architecture and how General Motors decided on leveraging a Customer IAM platform as the core element in building a common set of user experiences across all of its customer touch-points (including web, mobile and in-vehicle applications and services). We will discuss the importance of enabling a platform of consumer identity services that are built using industry standards and cloud-based technologies and that are the core component of all GM customer-facing services. These core services enable business teams to focus completely on digital business enablement while leveraging the benefits of common services to better understand their customers. Finally, we will highlight how GM addressed some of the key challenges in determining strategies for customer identification, customer interaction, preference management, etc.

Published in: Technology

  1. Building a Modern Customer Identity Architecture: Customer Identity Access Management (CIAM)
     June 28, 2019
     Andrew Cameron, Enterprise Architect, GM Identity and Access Management
  2. The Automotive Industry will change more in the next five years than in the previous 50 years. Technology is growing exponentially. As a result, consumers are inclined to engage with GM services in more ways than ever.
     • Almost 12 million connected vehicles on the road; 4.5 million with 4G LTE
     • More than 5 million users of our mobile apps
     • Widest range of models with Apple CarPlay and Android Auto
  3. Connecting the Vehicle Services to the Customer…
  4. The “Customer 360” view…
     Recognize Me
     • My name is Jennifer Smith, I go by Jenna
     • My address, phone # and email are: xxx
     • Please don’t ask me twice for this information
     Understand Me
     • My family owns 3 GM vehicles (Cadillac, Buick, and GMC)
     • We have owned 10 previously
     • We’ve had great experiences with our dealer and vehicle
     • But now I have a problem with billing for an app
     Serve Me
     • Acknowledge I’m a loyal customer at every interaction
     • Enable me to transfer personal vehicle settings
     • At service, greet me by name, pull my vehicle information automatically, update me via text
     • Handle my billing issue quickly
     Enablers
     • Accurate and consistent identification of a Person, Organization or Dealer. Establish Global Customer Identifier
     • Connect a customer’s behaviors, transactions and interactions to their profile
     • All business systems utilize the same master customer record to ensure every customer interaction is accurate, personal and valuable
  5. Objective: A seamless and connected experience for the customer
     • There are several core components necessary when it comes to the Customer Profile ecosystem: Customer Identity, Customer Profile, Customer Preference Information, Customer Intelligence
     • These components should be woven together into a solution with the enterprise needs in mind.
     • The design should deliberately drive a common goal: a seamless and connected experience for the customer.
     Customer Identity and Access Management (CIAM) creates the foundation necessary to deliver outstanding customer experience and drive business results.
     [Diagram: CIAM Architecture, with the components Identity, Profile, Preferences, Intelligence]
  6. Customer Identity
  7. Cloud Identity (IDaaS) vs On-Premise Customer IAM
  8. Threats Among Us
     • 7 billion compromised credentials reported in 2019 (https://haveibeenpwned.com/)
     • 60% of consumers reuse passwords across multiple sites
     • Over 90% of websites with login pages experienced bot attacks related to credential stuffing or credential cracking
     • Over 80% of sites having sign-up or application pages were the victims of bot activity aimed at creating fraudulent new accounts
     • 99% of Credential Attacks can be prevented with proper implementation of Multi-Factor Authentication (Google)
  9. IDaaS Platforms – Threat Protection
     • Most IDaaS platforms are able to perform continuous evaluation of authentication activity.
     • Risk assessment can occur in real time based on multiple factors
  10. Identity Standards – No Longer Optional! (Unless you are Apple)
     Standards shown: OpenID Connect, SAML, OAuth, FIDO
     • Microsoft: 90%+ Azure AD Authentications are using OpenID Connect (2B per day!)
     • OAuth is how you protect APIs and Microservices (carefully, see IETF guidance!)
     • FIDO is becoming de-facto standard for Strong Authentication
  11. Customer Profile
  12. Customer Identity Lifecycle
     [Diagram labels: Register; Manage Profile Data; Manage Privacy and Consent; Authenticate; Authorize; Identify and Proof Identity; Unauthenticated Experience]
     • CIAM Systems interact throughout this cycle
     • Privacy concerns are broader than just GDPR
     • Identity ‘Proofing’ could be done progressively
  13. Architecture Design Principles
     • Common User attributes are created and updated in the Enterprise Profile Service.
     • Modifications to Enterprise Profile attributes should be enabled only through Profile Service Endpoints
     • Business Apps should master all attributes that are not managed in the Enterprise Profile Service.
     • Local Profile should be managed within Business App environments.
     • Business Applications shouldn't have runtime dependence on Common user service.
     • Expose functionality over RESTful APIs, secured by the Customer Authentication Service
     • Back channel data synchronization should be discouraged
  14. Customer Profile - Data Relationships
     [Diagram. Boxes shown: Account Service (Account); Profile Service (Connected, Disconnected); Preferences Service (App1 Prefs, App2 Prefs); Identity Service (Customer); Business App1 (BizApp Profile); Business App2 (BizApp Profile). Connectors are labelled with 1 and N cardinalities.]
     Attribute lists shown, in slide order:
     • AccountID, LoginID (Email), Password, Services (List)
     • ProfileID, AccountID, Password, Services (List)
     • ProfileID, AccountID, BusinessAppID
     • Customer: CustomerID, First Name, Last Name, Address1
     • Business App1 BizApp Profile: ProfileID, Business1AppID, Others
     • Business App2 BizApp Profile: ProfileID, Business2AppID, Others
  15. Account and Profile strategy – single credential
     [Diagram labels: Customer credential; Account 1; CC 1, CC 2; Profile 1, Profile 2, Profile 3; Biz App 1, Biz App 2, Biz App 3; External Services (i.e. Payments)]
  16. Creating New Users
     • Business App Registration flow drives all steps
     • “Lite” registration flow supported
     • Validates key profile data as part of registration flow (i.e. Mobile Phone or Email)
     New User Sign Up Flow:
     1. Identity: “Proof” Identity
     2. Identity: Create Identity
     3. Account: Create Account
     4. Application: Create App Profile
  17. Connect User to New Business App
     New User Sign Up Flow:
     1. Account: Get Common Profile
     2. Application: Create App Profile
     • Business Apps provide common UI for new service engagement
     • “Progressive Profiling” supported
     • Profile identifiers shared with new Business App.
  18. Architecture Requirements
  19. High level architecture – Solution View
     • OpenID Connect (OIDC) and OAuth 2.0 are implemented as standard protocols
     • Login, Registration and Profile Management are abstracted into common app services
     • Common Service Layer is leveraged to integrate to Backoffice Apps
     • Minimal User Profile data is managed in Customer Directory, most profile data managed in enterprise profile service
     • Preference Management data is managed within enterprise preference management service
  21. Thank you!
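
The sign-up flow (slide 16) and the connect flow (slide 17), run against the data relationships of slide 14 and the attribute-ownership principle of slide 13. This is an added example, not code from the presentation or from GM; the `Ciam` class, the `COMMON_ATTRS` set, the `proofed` flag, the `customer_id` link on the account and the in-memory dictionaries are all hypothetical.

```python
import uuid
from dataclasses import dataclass, field

# Assumption: the Customer fields on slide 14 are the enterprise-mastered set.
COMMON_ATTRS = {"first_name", "last_name", "address1"}

@dataclass
class Account:                      # passwords stay in the authentication service
    account_id: str
    login_id: str                   # e-mail: the single customer credential
    customer_id: str
    services: list = field(default_factory=list)

class Ciam:
    """Hypothetical in-memory stand-in for the identity/account/profile services."""
    def __init__(self):
        self.customers, self.accounts, self.app_profiles = {}, {}, {}

    def _common_only(self, attrs):  # what the profile service endpoint accepts
        extra = set(attrs) - COMMON_ATTRS
        if extra:
            raise ValueError(f"{sorted(extra)} belong in a business app profile")
        return dict(attrs)

    def _local_only(self, attrs):   # apps may not master enterprise attributes
        clash = set(attrs) & COMMON_ATTRS
        if clash:
            raise ValueError(f"{sorted(clash)} are mastered by the profile service")
        return dict(attrs)

    def _create_app_profile(self, acct, app_id, local):
        profile = {"profile_id": str(uuid.uuid4()), "account_id": acct.account_id,
                   "business_app_id": app_id, **local}
        self.app_profiles[(acct.account_id, app_id)] = profile
        acct.services.append(app_id)
        return profile

    def sign_up(self, app_id, login_id, proofed, common, local):
        if not proofed:             # step 1: e-mail or mobile phone was validated
            raise PermissionError("identity not proofed")
        if login_id in self.accounts:
            raise ValueError("account exists: connect the app instead")
        common, local = self._common_only(common), self._local_only(local)
        customer_id = str(uuid.uuid4())                           # step 2: identity
        self.customers[customer_id] = common
        acct = Account(str(uuid.uuid4()), login_id, customer_id)  # step 3: account
        self.accounts[login_id] = acct
        return self._create_app_profile(acct, app_id, local)      # step 4: app profile

    def connect(self, app_id, login_id, local):
        local = self._local_only(local)
        acct = self.accounts[login_id]                            # step 1: common profile
        return dict(self.customers[acct.customer_id]), self._create_app_profile(acct, app_id, local)
```

A second business app gets its own profile ID under the same account ID, and any attempt to write an enterprise attribute through an app profile is rejected before state changes.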