Do your users often complain that it’s difficult to access and authenticate with your identity and access management (IAM) program? If your users are having a painful experience with an IAM platform, you’ll no doubt hear about it.

Organizations are struggling to gain full user acceptance, resulting in costly inefficiencies, ineffective IAM solutions that don’t meet user needs, and unanticipated disruption to the business — all of which can lead to overall program failure due to users blocking or stalling adoption.

3 Ways to Design an IAM Program With Your Users in Mind

What if there were a way to design, operate and optimize your IAM program using an innovative and proven framework that provides a line of sight into each influencing element of an IAM program, thereby enabling successful program adoption? Enterprise Design Thinking is an accelerator that helps IT and security teams collaborate and addresses the needs of all users and stakeholders, including return-on-investment (ROI) objectives.

Let’s explore three ways you can improve your overall identity and access management program by putting your users first.

1. Explore Risk and Uncertainty With Questions and Assumptions

Teams often assume they can solve users’ problems from a second- or third-person position — e.g., “I know my customer and my users; I face them every day.” However, unless you are the user or engage sponsor users in the collaborative process, you won’t have enough validated insight to make the right design decisions. This results in a suboptimal user experience and can increase rework, impact revenue, and introduce risk and delays.

In Enterprise Design Thinking, we use an activity called “Questions and Assumptions” to explore risk and uncertainty. We get to a certain point in the initial design thinking work, take a step back and identify assumptions we might have made that need further examination. We also pinpoint questions we may still have that, when answered, can validate or invalidate assumptions, which mitigates risk.

For example, if several assumptions or questions arise during a strategy session, we capture and calibrate them into levels of certainty and uncertainty, and high and low risk. For those that fall into the high-risk/high-uncertainty zone, we create an action plan using user experience (UX) research to learn more. We research and test to validate the assumption, then bring key findings back into our next collaboration session and stakeholder playback. Discussions ensue and, based on new insights, action plans are iterated upon with stakeholders completely aligned.

2. Optimize the User Experience With User-Centered Design Principles

Applying a user-centered design is of paramount value when designing an IAM solution. First, we frame the problem to be solved, then define our target outcomes. Well-defined outcomes enable teams to deploy a more effective solution, often in a shorter time frame and with reduced investment.

To enable and delight our users, we need to step into their world and understand them thoroughly. We use user-centered design and design thinking techniques to identify pain points and opportunities for an improved experience. We assemble diverse teams that include actual users, then collaborate together using the Enterprise Design Thinking framework to design a solution that satisfies their needs. Users are our North Star, as we say; everything we do is outcomes-focused with the user top of mind.

Imagine that your users are having access issues, and your IT and business leaders do not have a clear line of sight into the levels of access required, by whom (anyone from an external party, to an internal operational team, to the whole span of users in the IAM program), under what conditions, and what their needs and preferences are. This, naturally, would result in inefficiencies.

When we use a set of proven design thinking principles and practices to create end-to-end identity and access management programs, different areas are defined and designed to work in concert with one another, resulting in improved efficiencies and a delightful user experience.

3. Build Agile Teams and Collaborate

Enterprise Design Thinking is a framework for action supported by diverse, empowered teams and enabled with tools and collaborative activities that build upon one another. For many, it is a completely new way of working. Through guided facilitation, teams come into the design thinking session to co-create and craft a solution that makes sense for the organization, with users as their North Star.

It’s all about moving from a traditional top-down, bottom-up approach to get stakeholders, experts and users into one room to collaborate. Enterprise Design Thinking allows us to probe, explore and ask questions with all voices heard and grounded by an agreed-upon, defined problem and target outcomes. The insights generated converge into structured road maps, owned and actioned by an informed, aligned team responsible for delivering results for stakeholders in an agile way. It’s about failing fast and failing quickly. The sooner the team learns, the faster the project evolves.

Creating a Seamless IAM Solution From the User’s Perspective

You can use Enterprise Design Thinking to solve virtually any challenge. However, to successfully use design thinking to improve how IAM has historically been approached, you’ll need a highly visible executive sponsor who is willing to champion a shift in culture, support a new way of working, model behavior, engender a growth mindset and inject a willingness to experiment.

Enterprise Design Thinking is a proven approach that can lead to successful program adoption for IAM leaders and professionals. Instead of assuming what our users need, we actively find out from the first-person perspective. We conduct research, listen and observe. We work closely with our users to learn what is working well for them and what their pain points are. Finally, we use those insights and build upon them to create a solution that results in a seamless experience.

Learn how to design an IAM program optimized for your business

More from Identity & Access

How to Keep Your Secrets Safe: A Password Primer

There are two kinds of companies in the world: those that have been breached by criminals, and those that have been breached and don't know it yet. Criminals are relentless. Today’s cyberattacks have evolved into high-level espionage perpetrated by robust criminal organizations or nation-states. In the era of software as a service (SaaS), enterprise data is more likely to be stored on the cloud rather than on prem. Using sophisticated cloud scanning software, criminals can breach an enterprise system within…

Making the Leap: The Risks and Benefits of Passwordless Authentication

The password isn't going anywhere. Passwordless authentication is gaining momentum, though. It appears to be winning the battle of how companies are choosing to log in. Like it or not, the security industry must contend with both in the future.  But for some businesses and agencies, going passwordless is the clear strategy. Microsoft, for instance, has recently stopped forcing users to use a password to access their account, which allows access to a wide range of Microsoft business and personal…

Old Habits Die Hard: New Report Finds Businesses Still Introducing Security Risk into Cloud Environments

While cloud computing and its many forms (private, public, hybrid cloud or multi-cloud environments) have become ubiquitous with innovation and growth over the past decade, cybercriminals have closely watched the migration and introduced innovations of their own to exploit the platforms. Most of these exploits are based on poor configurations and human error. New IBM Security X-Force data reveals that many cloud-adopting businesses are falling behind on basic security best practices, introducing more risk to their organizations. Shedding light on…

Why Your Success Depends on Your IAM Capability

It’s truly universal: if you require your workforce, customers, patients, citizens, constituents, students, teachers… anyone, to register before digitally accessing information or buying goods or services, you are enabling that interaction with identity and access management (IAM). Many IAM vendors talk about how IAM solutions can be an enabler for productivity, about the return on investment (ROI) that can be achieved after successfully rolling out an identity strategy. They all talk about reduction in friction, improving users' perception of the…