Do your users often complain that it’s difficult to access and authenticate with your identity and access management (IAM) program? If your users are having a painful experience with an IAM platform, you’ll no doubt hear about it.

Organizations are struggling to gain full user acceptance, resulting in costly inefficiencies, ineffective IAM solutions that don’t meet user needs, and unanticipated disruption to the business — all of which can lead to overall program failure due to users blocking or stalling adoption.

3 Ways to Design an IAM Program With Your Users in Mind

What if there were a way to design, operate and optimize your IAM program using an innovative and proven framework that provides a line of sight into each influencing element of an IAM program, thereby enabling successful program adoption? Enterprise Design Thinking is an accelerator that helps IT and security teams collaborate and addresses the needs of all users and stakeholders, including return-on-investment (ROI) objectives.

Let’s explore three ways you can improve your overall identity and access management program by putting your users first.

1. Explore Risk and Uncertainty With Questions and Assumptions

Teams often assume they can solve users’ problems from a second- or third-person position — e.g., “I know my customer and my users; I face them every day.” However, unless you are the user or engage sponsor users in the collaborative process, you won’t have enough validated insight to make the right design decisions. This results in a suboptimal user experience and can increase rework, impact revenue, and introduce risk and delays.

In Enterprise Design Thinking, we use an activity called “Questions and Assumptions” to explore risk and uncertainty. We get to a certain point in the initial design thinking work, take a step back and identify assumptions we might have made that need further examination. We also pinpoint questions we may still have that, when answered, can validate or invalidate assumptions, which mitigates risk.

For example, if several assumptions or questions arise during a strategy session, we capture and calibrate them into levels of certainty and uncertainty, and high and low risk. For those that fall into the high-risk/high-uncertainty zone, we create an action plan using user experience (UX) research to learn more. We research and test to validate the assumption, then bring key findings back into our next collaboration session and stakeholder playback. Discussions ensue and, based on new insights, action plans are iterated upon with stakeholders completely aligned.

2. Optimize the User Experience With User-Centered Design Principles

Applying a user-centered design is of paramount value when designing an IAM solution. First, we frame the problem to be solved, then define our target outcomes. Well-defined outcomes enable teams to deploy a more effective solution, often in a shorter time frame and with reduced investment.

To enable and delight our users, we need to step into their world and understand them thoroughly. We use user-centered design and design thinking techniques to identify pain points and opportunities for an improved experience. We assemble diverse teams that include actual users, then collaborate together using the Enterprise Design Thinking framework to design a solution that satisfies their needs. Users are our North Star, as we say; everything we do is outcomes-focused with the user top of mind.

Imagine that your users are having access issues, and your IT and business leaders do not have a clear line of sight into the levels of access required, by whom (anyone from an external party, to an internal operational team, to the whole span of users in the IAM program), under what conditions, and what their needs and preferences are. This, naturally, would result in inefficiencies.

When we use a set of proven design thinking principles and practices to create end-to-end identity and access management programs, different areas are defined and designed to work in concert with one another, resulting in improved efficiencies and a delightful user experience.

3. Build Agile Teams and Collaborate

Enterprise Design Thinking is a framework for action supported by diverse, empowered teams and enabled with tools and collaborative activities that build upon one another. For many, it is a completely new way of working. Through guided facilitation, teams come into the design thinking session to co-create and craft a solution that makes sense for the organization, with users as their North Star.

It’s all about moving from a traditional top-down, bottom-up approach to get stakeholders, experts and users into one room to collaborate. Enterprise Design Thinking allows us to probe, explore and ask questions with all voices heard and grounded by an agreed-upon, defined problem and target outcomes. The insights generated converge into structured road maps, owned and actioned by an informed, aligned team responsible for delivering results for stakeholders in an agile way. It’s about failing fast and failing quickly. The sooner the team learns, the faster the project evolves.

Creating a Seamless IAM Solution From the User’s Perspective

You can use Enterprise Design Thinking to solve virtually any challenge. However, to successfully use design thinking to improve how IAM has historically been approached, you’ll need a highly visible executive sponsor who is willing to champion a shift in culture, support a new way of working, model behavior, engender a growth mindset and inject a willingness to experiment.

Enterprise Design Thinking is a proven approach that can lead to successful program adoption for IAM leaders and professionals. Instead of assuming what our users need, we actively find out from the first-person perspective. We conduct research, listen and observe. We work closely with our users to learn what is working well for them and what their pain points are. Finally, we use those insights and build upon them to create a solution that results in a seamless experience.

Learn how to design an IAM program optimized for your business

More from Identity & Access

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

An IBM Hacker Breaks Down High-Profile Attacks

On September 19, 2022, an 18-year-old cyberattacker known as "teapotuberhacker" (aka TeaPot) allegedly breached the Slack messages of game developer Rockstar Games. Using this access, they pilfered over 90 videos of the upcoming Grand Theft Auto VI game. They then posted those videos on the fan website Gamers got an unsanctioned sneak peek of game footage, characters, plot points and other critical details. It was a game developer's worst nightmare. In addition, the malicious actor claimed responsibility for a…