Do your users often complain that it’s difficult to access and authenticate with your identity and access management (IAM) program? If your users are having a painful experience with an IAM platform, you’ll no doubt hear about it.

Organizations are struggling to gain full user acceptance, resulting in costly inefficiencies, ineffective IAM solutions that don’t meet user needs, and unanticipated disruption to the business — all of which can lead to overall program failure due to users blocking or stalling adoption.

3 Ways to Design an IAM Program With Your Users in Mind

What if there were a way to design, operate and optimize your IAM program using an innovative and proven framework that provides a line of sight into each influencing element of an IAM program, thereby enabling successful program adoption? Enterprise Design Thinking is an accelerator that helps IT and security teams collaborate and addresses the needs of all users and stakeholders, including return-on-investment (ROI) objectives.

Let’s explore three ways you can improve your overall identity and access management program by putting your users first.

1. Explore Risk and Uncertainty With Questions and Assumptions

Teams often assume they can solve users’ problems from a second- or third-person position — e.g., “I know my customer and my users; I face them every day.” However, unless you are the user or engage sponsor users in the collaborative process, you won’t have enough validated insight to make the right design decisions. This results in a suboptimal user experience and can increase rework, impact revenue, and introduce risk and delays.

In Enterprise Design Thinking, we use an activity called “Questions and Assumptions” to explore risk and uncertainty. We get to a certain point in the initial design thinking work, take a step back and identify assumptions we might have made that need further examination. We also pinpoint questions we may still have that, when answered, can validate or invalidate assumptions, which mitigates risk.

For example, if several assumptions or questions arise during a strategy session, we capture and calibrate them into levels of certainty and uncertainty, and high and low risk. For those that fall into the high-risk/high-uncertainty zone, we create an action plan using user experience (UX) research to learn more. We research and test to validate the assumption, then bring key findings back into our next collaboration session and stakeholder playback. Discussions ensue and, based on new insights, action plans are iterated upon with stakeholders completely aligned.

2. Optimize the User Experience With User-Centered Design Principles

Applying a user-centered design is of paramount value when designing an IAM solution. First, we frame the problem to be solved, then define our target outcomes. Well-defined outcomes enable teams to deploy a more effective solution, often in a shorter time frame and with reduced investment.

To enable and delight our users, we need to step into their world and understand them thoroughly. We use user-centered design and design thinking techniques to identify pain points and opportunities for an improved experience. We assemble diverse teams that include actual users, then collaborate together using the Enterprise Design Thinking framework to design a solution that satisfies their needs. Users are our North Star, as we say; everything we do is outcomes-focused with the user top of mind.

Imagine that your users are having access issues, and your IT and business leaders do not have a clear line of sight into the levels of access required, by whom (anyone from an external party, to an internal operational team, to the whole span of users in the IAM program), under what conditions, and what their needs and preferences are. This, naturally, would result in inefficiencies.

When we use a set of proven design thinking principles and practices to create end-to-end identity and access management programs, different areas are defined and designed to work in concert with one another, resulting in improved efficiencies and a delightful user experience.

3. Build Agile Teams and Collaborate

Enterprise Design Thinking is a framework for action supported by diverse, empowered teams and enabled with tools and collaborative activities that build upon one another. For many, it is a completely new way of working. Through guided facilitation, teams come into the design thinking session to co-create and craft a solution that makes sense for the organization, with users as their North Star.

It’s all about moving from a traditional top-down, bottom-up approach to get stakeholders, experts and users into one room to collaborate. Enterprise Design Thinking allows us to probe, explore and ask questions with all voices heard and grounded by an agreed-upon, defined problem and target outcomes. The insights generated converge into structured road maps, owned and actioned by an informed, aligned team responsible for delivering results for stakeholders in an agile way. It’s about failing fast and failing quickly. The sooner the team learns, the faster the project evolves.

Creating a Seamless IAM Solution From the User’s Perspective

You can use Enterprise Design Thinking to solve virtually any challenge. However, to successfully use design thinking to improve how IAM has historically been approached, you’ll need a highly visible executive sponsor who is willing to champion a shift in culture, support a new way of working, model behavior, engender a growth mindset and inject a willingness to experiment.

Enterprise Design Thinking is a proven approach that can lead to successful program adoption for IAM leaders and professionals. Instead of assuming what our users need, we actively find out from the first-person perspective. We conduct research, listen and observe. We work closely with our users to learn what is working well for them and what their pain points are. Finally, we use those insights and build upon them to create a solution that results in a seamless experience.

Learn how to design an IAM program optimized for your business

More from Identity & Access

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today