Do your users often complain that it’s difficult to access and authenticate with your identity and access management (IAM) program? If your users are having a painful experience with an IAM platform, you’ll no doubt hear about it.

Organizations are struggling to gain full user acceptance, resulting in costly inefficiencies, ineffective IAM solutions that don’t meet user needs, and unanticipated disruption to the business — all of which can lead to overall program failure due to users blocking or stalling adoption.

3 Ways to Design an IAM Program With Your Users in Mind

What if there were a way to design, operate and optimize your IAM program using an innovative and proven framework that provides a line of sight into each influencing element of an IAM program, thereby enabling successful program adoption? Enterprise Design Thinking is an accelerator that helps IT and security teams collaborate and addresses the needs of all users and stakeholders, including return-on-investment (ROI) objectives.

Let’s explore three ways you can improve your overall identity and access management program by putting your users first.

1. Explore Risk and Uncertainty With Questions and Assumptions

Teams often assume they can solve users’ problems from a second- or third-person position — e.g., “I know my customer and my users; I face them every day.” However, unless you are the user or engage sponsor users in the collaborative process, you won’t have enough validated insight to make the right design decisions. This results in a suboptimal user experience and can increase rework, impact revenue, and introduce risk and delays.

In Enterprise Design Thinking, we use an activity called “Questions and Assumptions” to explore risk and uncertainty. We get to a certain point in the initial design thinking work, take a step back and identify assumptions we might have made that need further examination. We also pinpoint questions we may still have that, when answered, can validate or invalidate assumptions, which mitigates risk.

For example, if several assumptions or questions arise during a strategy session, we capture and calibrate them into levels of certainty and uncertainty, and high and low risk. For those that fall into the high-risk/high-uncertainty zone, we create an action plan using user experience (UX) research to learn more. We research and test to validate the assumption, then bring key findings back into our next collaboration session and stakeholder playback. Discussions ensue and, based on new insights, action plans are iterated upon with stakeholders completely aligned.

2. Optimize the User Experience With User-Centered Design Principles

Applying a user-centered design is of paramount value when designing an IAM solution. First, we frame the problem to be solved, then define our target outcomes. Well-defined outcomes enable teams to deploy a more effective solution, often in a shorter time frame and with reduced investment.

To enable and delight our users, we need to step into their world and understand them thoroughly. We use user-centered design and design thinking techniques to identify pain points and opportunities for an improved experience. We assemble diverse teams that include actual users, then collaborate using the Enterprise Design Thinking framework to design a solution that satisfies their needs. Users are our North Star, as we say; everything we do is outcomes-focused with the user top of mind.

Imagine that your users are having access issues, and your IT and business leaders do not have a clear line of sight into the levels of access required, by whom (anyone from an external party, to an internal operational team, to the whole span of users in the IAM program), under what conditions, and what their needs and preferences are. This, naturally, would result in inefficiencies.

When we use a set of proven design thinking principles and practices to create end-to-end identity and access management programs, different areas are defined and designed to work in concert with one another, resulting in improved efficiencies and a delightful user experience.

3. Build Agile Teams and Collaborate

Enterprise Design Thinking is a framework for action supported by diverse, empowered teams and enabled with tools and collaborative activities that build upon one another. For many, it is a completely new way of working. Through guided facilitation, teams come into the design thinking session to co-create and craft a solution that makes sense for the organization, with users as their North Star.

It’s all about moving from a traditional top-down, bottom-up approach to getting stakeholders, experts and users into one room to collaborate. Enterprise Design Thinking allows us to probe, explore and ask questions with all voices heard, grounded by an agreed-upon, defined problem and target outcomes. The insights generated converge into structured road maps, owned and actioned by an informed, aligned team responsible for delivering results for stakeholders in an agile way. It’s about failing fast. The sooner the team learns, the faster the project evolves.

Creating a Seamless IAM Solution From the User’s Perspective

You can use Enterprise Design Thinking to solve virtually any challenge. However, to successfully use design thinking to improve how IAM has historically been approached, you’ll need a highly visible executive sponsor who is willing to champion a shift in culture, support a new way of working, model behavior, engender a growth mindset and inject a willingness to experiment.

Enterprise Design Thinking is a proven approach that can lead to successful program adoption for IAM leaders and professionals. Instead of assuming what our users need, we actively find out from the first-person perspective. We conduct research, listen and observe. We work closely with our users to learn what is working well for them and what their pain points are. Finally, we use those insights and build upon them to create a solution that results in a seamless experience.
