I absolutely adore chocolate. In fact, I’m fairly certain that I, like many, look at a chocolate bar on the shelf and our first thought is how fast we can get that wrapper off and devour that sweet, milky, goodness down to the last bite. Just like chocolate itself is an amazing innovation that delights daily, the process behind it to procure and produce the ingredients that goes into its production is equally amazing.
Let’s say ABC chocolate (my “creative” representation of your typical Chocolate bar) is produced and sold worldwide, and orchestrates a supply chain between diverse global businesses to serve its customers. They work with a Cocoa distributor based in Ghana, a Cane Sugar Producer from India, Dairy farm Organizations in the US, and the list goes on and on…
Like ABC chocolate, major product and service firms do business globally, and rely on partners in diverse geopolitical regions with varying investments (or the entire lack thereof) in Identity and security. In fact, I think most of us can agree that your local Dairy Farm that sells milk to ABC chocolate, or your neighborhood grocery store chain that sells ABC chocolate won’t have entire Identity management systems that can integrate with ABC chocolate’s systems to allow their users to login and track when their next shipment of milk needs to go out, or when the next order of bars will be in.
Order tracking is really just one aspect of how organizations interact in global supply chains. At the center of all those interactions, and the services that empower them, should be bullet proof partner Identity management that secures partner experiences for your enterprise no matter where you do business. So, to those looking to build Partner IAM at their organization, here’s 4 tips we at RAAH recommend following when you do:
DO: Buy and Build Partner IAM Solutions with Customer Experience in Mind
This is a bit broad as a do, but look for Partner IAM solutions that allow for heavy customizations of Login/Registration forms, flexible user management and administration, and provide pre-built backend integrations to industry leading Marketing Automation and Sales Platforms for Security Compliant data usage in downstream systems.
It is also important to note that a Partner IAM suite should be able to integrate with and provide API functionality that allows for Identity data to be used in your services and downstream systems for customized application and end-user experiences. This will allow your role frameworks to flourish both in reducing overhead, and in allowing for highly targeted and role specific opportunities for marketers to jump on to improve customer experiences and maximize retention and ROI on your product/service lines.
DON’T: Administer ALL the Identities
Yes, I started with a counterpoint, but an Identity nerd just got her wings when your read that. I’m sure it comes as no surprise, but managing identities is already a herculean task whether it be for your coworkers in the office, or for your customers online and in-store. Add to that the task of handling the identities of users at external organizations with continually shifting org structures, hirings/firings, and little to no IAM whatsoever and a situation arises that manpower just cannot solve at scale.
In architecting and deploying Partner IAM solutions, we do not recommend the centralized management approach; Firms that expose services to partners should not manage partner users and their accesses to systems, but must delegate that control to the partners that need this access. Of course, you as an identity professional will have to work with service teams at your organization to build a role and access framework to sit in front of their service so partner orgs are able to easily leverage it for their users, but the administration of that system must not be handled internally.
DO: Work on a Partner Service Role Framework ASAP
The very common misconception about Partner IAM and in fact IAM as a whole is that buying a product solves the problem. Literally nothing in this business could be further from the truth. Taking a deep look at your organization, assessing its needs, and then buying a product to address those needs is about 10% of the work. The other 90% is building a Role and Access Framework for the services and applications your organization exposes to its customer base, and using the product you just bought to enforce it.
Integration methodology with a service aside, what should be worked on even before buying a partner product to manage identities is the litany of access needs that a partner may have based on each individual service you offer them, and who they are at their organization. Doing this for EVERY service is a time-consuming process, and without this up front work, a Partner IAM product with every feature you can dream of is a waste of time and budget.
DON’T: Compromise on Organization Management
I’ve seen firms try to manage this themselves using relational tables and CIAM solutions that aren’t built to handle the complex relational experiences every organization has with its partner organizations. To really hit this point home, lets revisit the operations of ABC company, and one of its favorite small business partners, Bob Smith.
Bob Smith runs Bob’s Convenience Stores, a chain of successful convenience stores in CityVille USA. Residents of CityVille are huge fans of Bob’s Convenience, and are ABC chocolate’s most profitable demographic, accounting for a whopping 35% of all ABC chocolate sales in the whole city.
Bob owns and operates 10 stores across CityVille, and he stocks ABC chocolate at every single one, but he doesn’t do that on his own. He relies on his employees at the stores to know when supply is running low, to forecast sales of the chocolate, and to place orders based on those forecasts that maximize Bob’s ROI on chocolate sales. At any one store, Bob has an associate, or multiple associates working on Forecasting, Ordering, Purchasing, and Shipping that aligns with CityVille’s demand for ABC Chocolate.
In the past, a lot of this was done on pen and paper, associates at stores would report their numbers to regional store managers and procurement teams who then placed orders by phone, email, or through an ordering platform to ABC chocolate. This process was tedious, and as orders started to pile in, and ABC began to grow, but they weren’t prepared for the scale of partners who would be dying to get in on the action and order chocolate, so their order fulfillment teams were extreme cost guzzlers.
Enter the digital age, and ABCs fulfillment team doesn’t remember the last time they took an order via email, much less by phone. Over at Bob’s convenience, Bob’s associates use a service provided by ABC chocolate that allows them to do all of the above based on their role at Bob’s Convenience Store # 1, 2, 3…10, and the system works well even when he has employee turnover. ABC enables Bob, or his IT admin, to orchestrate access and authorizations to their service without ABC having to be involved in the process at all.
This is the benefit of building Partner facing Services with Organization Management principles at the core of the identity offering. We not only limit our overhead cost, but we reduce time consuming help-desk calls from external organizations, and slowdowns as a result of broken accesses that lead to decreased sales and increased friction with partners and vendors who use your services and buy your products.