The future of CIAM with B2C, B2B & B2B2C business models.

Sadil Chamishka
Jan 15, 2023
Ref — B2B, B2C, B2B2C

Customer Identity and Access Management (CIAM) is an emerging area that combines the security aspects of identity and access management with digital customer experiences. Businesses today are undergoing rapid digital transformation driven by technological advancements. A key aspect of this transformation is the interrelation between businesses, which forms more complex business models while still providing a frictionless user experience. Traditional CIAM solutions do not fit these kinds of advanced business requirements, and developing in-house solutions to cater to these identity requirements is not agile enough for the digital transformation businesses expect.

Asgardeo is a SaaS-based CIAM solution provider that offers the capability to model the CIAM requirements of complex business models within a few clicks. This blog series explains these business models with sample use cases and tries them out with Asgardeo.

B2C — Business to Consumer

This is the traditional business model, where the business provides services to its consumer base. The consumer identities can be managed either by the business itself or by social identity providers, which makes it more secure and reliable for the end users. Let’s understand the business model with an example.

EasyMeet is a video conferencing application deployed as a SaaS-based solution. Consumers can register at EasyMeet either by creating an account in EasyMeet or by signing up with social logins. Asgardeo provides the CIAM capabilities that allow different types of users to log in seamlessly to the EasyMeet application. As shown in the figure below, John and Alice are consumers of the EasyMeet app. John’s identity is managed by EasyMeet, while Alice authenticates through a social IDP. The red and green arrows denote the authentication flow of each user for better clarity.

Not only individual consumers but also businesses can benefit from these types of SaaS apps. The consumer base of those businesses should be able to consume the service offered by the SaaS vendor. The identities of these users are managed by the corresponding business IDP. Hence, the authentication flow of the SaaS app should be flexible enough to provide identity federation via the enterprise IDPs in such cases. These types of business use cases lead to the definition of the B2B model.

B2B — Business to Business

In this model, one business performs transactions with another business. The consumer base of a particular business gets the services offered by the service provider business, based on a business contract. B2B users, like B2C users, should have a frictionless login experience, management of their identity requirements, and so on. B2B CIAM focuses on bridging the gap between the two businesses so that their users get the same seamless experience as users in the B2C model. Let’s understand this business model by extending the previous example to B2B use cases.

Medverse is a clinical service provider that requires video conferencing capabilities to diagnose patients remotely. Medverse intends to buy a subscription from EasyMeet for conducting remote diagnoses via video calls. Medverse employees need to log in to the video conferencing app to consume the features of the subscription. The employee identities of the Medverse organization are managed by its dedicated enterprise IDP. Hence, that IDP has to be managed as a federated IDP of the EasyMeet business so that Medverse users can log in to the video conferencing application.

As shown in the above figure, Alice is an employee of Medverse who authenticates via the Medverse IDP in order to log in to the EasyMeet application. The authentication mechanism of EasyMeet has to be improved further to resolve the business where the user resides before it can continue the authentication flow. Before discussing the B2B CIAM solution provided by Asgardeo, let’s see how the same problem can be solved to an extent with the B2C CIAM capabilities.

Asgardeo provides a powerful adaptive authentication capability to define the authentication flow based on the given configurations. Business users can send their business name along with the authentication request. The email domain of the user can also be mapped to a business. The adaptive script can identify this information and federate the users to the corresponding IDPs.
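The routing decision described above, sketched as an added example in plain JavaScript; it is not part of the original post and does not use Asgardeo's adaptive script API. The business names, IDP names, domains and the `resolveIdp` helper are all hypothetical.

```javascript
// Constructed mapping: business name -> federated IDP and the email domains it owns.
// Every name and domain below is a made-up sample value.
const BUSINESSES = new Map([
  ["medverse", { idp: "medverse-enterprise-idp", domains: ["medverse.example"] }],
  ["acme", { idp: "acme-enterprise-idp", domains: ["acme.example"] }],
]);

// Reverse index for exact-match lookups: email domain -> business name.
const DOMAIN_TO_BUSINESS = new Map();
for (const [name, cfg] of BUSINESSES) {
  for (const d of cfg.domains) DOMAIN_TO_BUSINESS.set(d, name);
}

// Returns the lower-cased domain part of an email-style identifier, or null.
function emailDomain(identifier) {
  if (typeof identifier !== "string") return null;
  const at = identifier.lastIndexOf("@");
  if (at <= 0 || at === identifier.length - 1) return null;
  return identifier.slice(at + 1).trim().toLowerCase();
}

// Decides where to send the user. The business hint and the identifier both come
// from the request, so they only select which IDP gets to authenticate the user;
// they are never treated as proof of membership in that business.
function resolveIdp({ businessHint, loginIdentifier }) {
  const hint = typeof businessHint === "string" ? businessHint.trim().toLowerCase() : "";
  const domain = emailDomain(loginIdentifier);
  // Exact match only: "medverse.example.attacker.test" must not map to Medverse.
  const byDomain = domain ? DOMAIN_TO_BUSINESS.get(domain) : undefined;

  if (hint) {
    // Unknown business: fall back to the local (B2C) login, never to a guessed IDP.
    if (!BUSINESSES.has(hint)) return { route: "local", reason: "unknown-business" };
    // Hint and email domain point at different businesses: refuse to guess.
    if (byDomain && byDomain !== hint) return { route: "reject", reason: "hint-domain-mismatch" };
    return { route: "federated", business: hint, idp: BUSINESSES.get(hint).idp };
  }
  if (byDomain) {
    return { route: "federated", business: byDomain, idp: BUSINESSES.get(byDomain).idp };
  }
  return { route: "local", reason: "no-mapping" };
}
```

Every new consumer business adds another entry to this mapping on the SaaS side, which is the scaling burden the next paragraph describes.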

The above solution works to an extent, but it is not scalable: as the number of businesses increases, the number of IDPs that EasyMeet has to manage increases, and mapping each business to its IDP becomes a burden. Business-specific customizations also have to be delegated to administrators of the consumer business. Access management then becomes complex, and managing the administrative users of consumer businesses within the SaaS business leads to conflicts. User login events also have to be tracked per IDP connection for monitoring, rate limiting and billing purposes. There will be plenty of functional and non-functional requirements that cannot be catered to easily, which complicates both the security aspects and the developer experience.

Asgardeo provides out-of-the-box B2B CIAM capabilities to model any B2B use case, and it is a matter of a few clicks. Let’s see how Asgardeo relieves the burden on the SaaS business by modelling B2B CIAM.

As shown in the above figure, the identity requirements of the Medverse business are modelled by a dedicated organization under the EasyMeet organization. The blue arrows indicate the authentication flow for a user who resides in the Medverse organization and logs in to the EasyMeet application. In the B2B model, the consumer identities are managed in a different organization, whereas in the B2C model EasyMeet manages the consumer identities.

In Asgardeo, these lower-level organizations are called sub-organizations. Sub-organizations can be created to model B2B use cases, as shown in the above figure. B2B CIAM comes with more advanced identity and access management requirements, and Asgardeo supports all of the necessary features. For example, managing the sub-organizations would be a tedious task for an administrator of the EasyMeet organization. In that case, separate platform administrators can be appointed to manage individual sub-organizations, with fine-grained access delegated to them by assigning the required roles. The enterprise IDPs are also plugged directly into the sub-organizations. The branding feature of Asgardeo makes it easy to resolve the consumer business and federate to the corresponding IDP, providing a smooth login experience.

Modern SaaS applications leverage both the B2C and B2B models, and Asgardeo is the best place to meet these cutting-edge identity and access management requirements.

On the other hand, the world is now moving away from isolated businesses towards partnerships between businesses in different domains that share the consumer base across organizations. Compared to the B2B model, both partnered businesses enjoy the benefits, which makes it a mutually beneficial business model.

B2B2C — Business to business to consumer

It is a combination of the B2C and B2B models, where businesses engage in mutually beneficial partnerships to provide a better experience for the end consumers. In the B2B model, the main business’s services are experienced by the users in the consumer business. The B2B2C model, by contrast, focuses on the consumers of the main business while providing value-added services from different partner businesses.

Modern e-commerce solutions are widely adopting this business model by bringing supplier businesses into a common marketplace like eBay. The consumers of the e-commerce website are exposed to a variety of products and services, while the supplier businesses enjoy the features of the online marketplace with a higher volume of consumers. The partner businesses can set up business-level agreements on offers, discounts, etc. to attract the large consumer base from different domains. Let’s walk through this business model with an example use case.

BestPrice is a retail business with an online presence, where consumers buy various types of items through its website. It needs to enhance its quality of service by increasing its business integrations, and to grow the consumer base of its website by partnering with value-added services from different domains. BestPrice intends to deliver items to the doorstep of consumers who order from its website, but it has neither the expertise in delivery services nor the required delivery vehicles. DeliverNow is a delivery service that delivers customer orders submitted through its delivery service application.

BestPrice initiates a business partnership with DeliverNow to deliver the orders. Beyond the commission it gets, DeliverNow is exposed to the large consumer base of BestPrice, which in turn helps increase its own consumer base. BestPrice can also attract the loyal consumer base of DeliverNow by providing offers and discounts based on the partnership between the two businesses. Hopefully it is now clear that the B2B2C business model is a mutually beneficial business bond.

Modelling these types of business use cases while preserving proper CIAM requirements is challenging. Identity-as-a-service solutions like Asgardeo can be used to model such scenarios as well.

As the conceptual model for the B2B2C business model in the above figure shows, both businesses will have separate Asgardeo organizations. DeliverNow might have partnered with multiple retail businesses, and BestPrice is one of them, as shown in the figure below, where BestPrice is modelled as a sub-organization. The users of BestPrice can log in to the BestPrice web application to order items. If consumers need their orders delivered, they can choose the service provided by DeliverNow. In that case, they can log in to the DeliverNow application and complete the order delivery process. During this flow, the users do not need to log in to the DeliverNow application again; instead, they are signed in to that application through SSO. Follow the red arrows to understand how identity federation works behind the scenes to give end users a frictionless experience.

In this blog we looked at a few of the widely adopted business models, along with example use cases, while modelling them on Asgardeo. The B2B and B2B2C models are in their early phases and will revolutionize the digital transformation that businesses intend to achieve. Asgardeo will stand out as the leading CIAM vendor providing all of the B2C, B2B and B2B2C capabilities.

In the upcoming blogs, let’s implement these business models on the Asgardeo platform to get a better view of the out-of-the-box CIAM capabilities provided to fulfil modern business needs.

References

https://medium.com/identity-beyond-borders/b2b-feature-with-asgardeo-bff4934f32c9

https://wso2.com/asgardeo/docs/guides/organization-management/
