Do your users often complain that it’s difficult to access and authenticate with your identity and access management (IAM) program? If your users are having a painful experience with an IAM platform, you’ll no doubt hear about it.

Organizations are struggling to gain full user acceptance, resulting in costly inefficiencies, ineffective IAM solutions that don’t meet user needs, and unanticipated disruption to the business — all of which can lead to overall program failure due to users blocking or stalling adoption.

3 Ways to Design an IAM Program With Your Users in Mind

What if there were a way to design, operate and optimize your IAM program using an innovative and proven framework that provides a line of sight into each influencing element of an IAM program, thereby enabling successful program adoption? Enterprise Design Thinking is an accelerator that helps IT and security teams collaborate and addresses the needs of all users and stakeholders, including return-on-investment (ROI) objectives.

Let’s explore three ways you can improve your overall identity and access management program by putting your users first.

1. Explore Risk and Uncertainty With Questions and Assumptions

Teams often assume they can solve users’ problems from a second- or third-person position — e.g., “I know my customer and my users; I face them every day.” However, unless you are the user or engage sponsor users in the collaborative process, you won’t have enough validated insight to make the right design decisions. This results in a suboptimal user experience and can increase rework, impact revenue, and introduce risk and delays.

In Enterprise Design Thinking, we use an activity called “Questions and Assumptions” to explore risk and uncertainty. We get to a certain point in the initial design thinking work, take a step back and identify assumptions we might have made that need further examination. We also pinpoint questions we may still have that, when answered, can validate or invalidate assumptions, which mitigates risk.

For example, if several assumptions or questions arise during a strategy session, we capture and calibrate them into levels of certainty and uncertainty, and high and low risk. For those that fall into the high-risk/high-uncertainty zone, we create an action plan using user experience (UX) research to learn more. We research and test to validate the assumption, then bring key findings back into our next collaboration session and stakeholder playback. Discussions ensue and, based on new insights, action plans are iterated upon with stakeholders completely aligned.

2. Optimize the User Experience With User-Centered Design Principles

Applying a user-centered design is of paramount value when designing an IAM solution. First, we frame the problem to be solved, then define our target outcomes. Well-defined outcomes enable teams to deploy a more effective solution, often in a shorter time frame and with reduced investment.

To enable and delight our users, we need to step into their world and understand them thoroughly. We use user-centered design and design thinking techniques to identify pain points and opportunities for an improved experience. We assemble diverse teams that include actual users, then collaborate together using the Enterprise Design Thinking framework to design a solution that satisfies their needs. Users are our North Star, as we say; everything we do is outcomes-focused with the user top of mind.

Imagine that your users are having access issues, and your IT and business leaders do not have a clear line of sight into the levels of access required, by whom (anyone from an external party, to an internal operational team, to the whole span of users in the IAM program), under what conditions, and what their needs and preferences are. This, naturally, would result in inefficiencies.

When we use a set of proven design thinking principles and practices to create end-to-end identity and access management programs, different areas are defined and designed to work in concert with one another, resulting in improved efficiencies and a delightful user experience.

3. Build Agile Teams and Collaborate

Enterprise Design Thinking is a framework for action supported by diverse, empowered teams and enabled with tools and collaborative activities that build upon one another. For many, it is a completely new way of working. Through guided facilitation, teams come into the design thinking session to co-create and craft a solution that makes sense for the organization, with users as their North Star.

It’s all about moving from a traditional top-down, bottom-up approach to get stakeholders, experts and users into one room to collaborate. Enterprise Design Thinking allows us to probe, explore and ask questions with all voices heard and grounded by an agreed-upon, defined problem and target outcomes. The insights generated converge into structured road maps, owned and actioned by an informed, aligned team responsible for delivering results for stakeholders in an agile way. It’s about failing fast and failing quickly. The sooner the team learns, the faster the project evolves.

Creating a Seamless IAM Solution From the User’s Perspective

You can use Enterprise Design Thinking to solve virtually any challenge. However, to successfully use design thinking to improve how IAM has historically been approached, you’ll need a highly visible executive sponsor who is willing to champion a shift in culture, support a new way of working, model behavior, engender a growth mindset and inject a willingness to experiment.

Enterprise Design Thinking is a proven approach that can lead to successful program adoption for IAM leaders and professionals. Instead of assuming what our users need, we actively find out from the first-person perspective. We conduct research, listen and observe. We work closely with our users to learn what is working well for them and what their pain points are. Finally, we use those insights and build upon them to create a solution that results in a seamless experience.

Learn how to design an IAM program optimized for your business

More from Identity & Access

Another category? Why we need ITDR

5 min read - Technologists are understandably suffering from category fatigue. This fatigue can be more pronounced within security than in any other sub-sector of IT. Do the use cases and risks of today warrant identity threat detection and response (ITDR)? To address this question, we work backwards from the vulnerabilities, threats, misconfigurations and attacks that IDTR specializes in providing visibility into. As identity threat detection and response (ITDR) technology evolves, one of the most common queries we get is: “Why do we need…

Access control is going mobile — Is this the way forward?

2 min read - Last year, the highest volume of cyberattacks (30%) started in the same way: a cyber criminal using valid credentials to gain access. Even more concerning, the X-Force Threat Intelligence Index 2024 found that this method of attack increased by 71% from 2022. Researchers also discovered a 266% increase in infostealers to obtain credentials to use in an attack. Family members of privileged users are also sometimes victims.“These shifts suggest that threat actors have revalued credentials as a reliable and preferred…

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today