CIAM for B2B: Overview
Learn about the key features that SAP Customer Data Cloud CIAM for B2B offers and the problems the solution aims to solve.
SAP Customer Data Cloud has rich experience in offering Customer Identity & Access Management (CIAM) solutions for B2C, but many of the platform's core capabilities are transferable to the B2B world.
Whilst B2B is a broad term that can be used for almost anything that describes interactions between two businesses, Customer Data Cloud CIAM for B2B focuses on the space where customers or partners (or any external organization) digitally engage with your business. This can be something as simple as an external user accessing an internal documentation website, for example. These digital engagements require the capabilities of a CIAM solution, such as:
- Organization and user onboarding
CIAM for B2B aims to support the digital transformation by modernizing the way in which external organization users interact with your business systems.
Why CIAM for B2B?
Legacy systems that support user onboarding processes are prone to issues because they were not designed for these types of interactions. Let's discuss some of the issues that arise as a result.
Slow & Costly
Onboarding and managing customers and partners is often driven by IT departments and is labor-intensive and error-prone, resulting in lost opportunity.
From my personal experience working as a consultant and being granted access into customers' business systems, I've seen instances of an onboarding taking 5 days or more and the access being incorrect when I finally get it. These external user onboarding processes are often centered around Active Directory, which was never designed for these types of users.
Customer and partner experiences are often fragmented, high touch and not repeatable, dragging down revenue growth and brand loyalty. I have personal experience of being provisioned multiple accounts to access different systems for the same customer, which offers a poor experience.
As B2C customers, we are spoilt with great user experiences and there is a higher expectation, particularly amongst the younger workforce, that these experiences should also be present in the B2B world.
Fragmented systems and processes create data privacy and security gaps that are costly and damaging to brand reputation. There is a lack of visibility of who has access to which systems and it can be very difficult to revoke access when an external user leaves their organization. I still have access to customer systems from jobs I left years ago.
So how can Customer Data Cloud help solve some of these problems? Here we'll take a look at some of the core capabilities that the CIAM for B2B solution offers.
Organization management is a broad topic that includes the onboarding of organizations. It's important to understand that Customer Data Cloud is not looking to replace your existing master data system for organization data; instead, it is another system that takes a copy of that data in order to facilitate business processes.
The organization management capabilities include the ability for an organization to self-register on a website or portal by providing information about the organization and key contact. This self-registration can trigger processes that drive the interactions with the downstream systems. Alternatively, organizations can be onboarded, as they are today, through your existing backend processes, and that organization data can then be copied to Customer Data Cloud via API. Flexibility is the key here.
Organization management also covers the onboarding of users from those external organizations, and this is where delegated administration plays a large part. Delegated administration allows one or more members of an external organization to manage their own users. This can range from sending email or SMS invitations directly from the system to configuring trust with the external organization's identity provider ('bring your own identity'), which allows external users to log in to your business systems using their own organization's SSO credentials.
Delegated administration is a powerful feature that requires us to change our perspective on how external users should be onboarded. Where we have complex and error-prone processes run by IT departments today, we can switch our mindset to allow external organizations to manage their own users, which creates more time for our IT departments to focus on more important tasks.
In many ways, it is also better from a compliance point of view. External organizations have much greater visibility when their staff leave the organization and can revoke the access when relevant. Where external organizations use 'bring your own identity', they have even greater control over who has access by tying access revocation into their standard leavers' processes.
Identity Lifecycle Management
Identity Lifecycle Management provides a consistent omni-channel experience, personalization and rapid onboarding by using the out-of-the-box Screensets, flows and integrations. It also allows you to build a user profile over time. You might first know about a user as they sign up to a mailing list at a conference by providing their name and email address. Later they may be onboarded through a delegated administration process, but Customer Data Cloud maintains this as a single profile with a common ID, so when the account data is distributed to downstream systems the integrations are simplified.
Authentication is a key capability of any CIAM solution, and Customer Data Cloud provides flexible authentication options that balance security and usability requirements across different usage scenarios. This includes:
- Traditional email and password
- One time password via SMS
- Risk based authentication
- Two factor authentication
- Single sign on
- Support for federated protocols
Policy Based Access Control
Policy Based Access Control (PBAC) is the mechanism for supporting authorization requirements when external users are accessing internal business systems. You might be more familiar with Role Based Access Control as a mechanism for authorization, but PBAC has an advantage in that both roles and attributes can be used to govern access, which simplifies the authorization model. Customer Data Cloud also offers real-time authorization APIs, which allow you to get an instant decision on whether access should be granted.
You can read more about PBAC here.
Consent and Preference Management
Whilst consent is a grey area in the B2B space as consent is often implied through the contract between the two organizations, there is still a place for the capabilities that are offered. Whilst an organization might own your email address, your first name and last name are still your personal data and that should be treated with the same care that is granted in the B2C world.
Separate to the consent specific topics, providing your users with centralized profile management capabilities provides a better user experience. These preferences can be used to further drive personalization; this can be as simple as asking someone for their default currency and then displaying prices in that currency. Using Customer Data Cloud to store that profile and preference data makes it available across applications.
SAP Customer Data Cloud aims to bring together its existing functionality relating to authentication, identity lifecycle management and consent management, and pair it with the organization management and authorization capabilities required for B2B.
CIAM for B2B aims to modernize the way in which customers and partners digitally engage with your organization.