Matt Klassen from Ping Identity discussing the Partner Identity issues facing retailers…
Retailers have been allowing partners access to their data and systems for decades now. As the world has gone digital, this access has expanded – good news for both sides. Unfortunately for retailers, the headaches of partner identity and access management (IAM) have grown right along with access.
Retailers struggle to provide their partners secure access to the apps and data they need, while enabling the partners to manage their own identities. Common pain points for retailers:
- Cost. The cost of managing thousands of partner IDs and passwords is very high. In fact, 25% of help desk calls are password-related, according to Gartner. Manually adding new users and dealing with password resets consumes a lot of time without delivering real value.
- Risk. Retailers often have no idea how many of their partner identities are still active, valid users. One large retailer discovered that out of over a million identities, only about 300,000 were active users. This poses a huge risk and has been the cause of more than one global breach.
- Adoption. Some retailers try to solve this problem on their own with various solutions, but time after time, they find that partner adoption is much harder than selecting the right solution. With so many partners, located all over the world, retailers need a comprehensive program that makes adoption very simple.
- Meeting diverse needs. Finally, from an identity perspective, partners typically fall into three distinct buckets according to their existing technical infrastructure, and the solution needs to be able to handle the needs of all groups easily, securely and reliably.
For a large retailer, this means thousands of suppliers representing potentially millions of users, for whom it must maintain user IDs and passwords across several applications. Each time a partner is brought on board, the retailer must provision users manually across several systems, and users are tasked with managing many logins and passwords. This leads to password resets and password management. In addition, when a user leaves the partner organization, the retailer likely does not know that it should deactivate that account, so an inactive account is maintained, increasing the risk of compromised credentials and breach.
With the right partner identity solution, the retailer’s partners manage their own identities, no matter what their level of technical sophistication. The solution features a secure, federated connection to the partner portal. Best of all, users are automatically de-provisioned once they leave the partner. This is a huge benefit for the retailer. Also, single sign-on (SSO) provides a seamless user experience for partners’ employees, a much-needed improvement.
Small partners with no directory or SSO capabilities are given quick and simple access to federated sign-on and user management capabilities in the cloud. This allows them to get users set up quickly with SSO access to the retailer’s supplier portal.
Medium-sized partner companies that have their own directory (usually Active Directory) but no SSO capabilities can easily gain SSO access through the cloud-based SSO service while bridging back to their own directory for authentication. This allows their users to be up and running with SSO to the retailer’s portal in minutes while keeping their identities in their own directory.
Finally, the retailer’s large-enterprise partners that have federation solutions in place (such as ADFS, Ping and Okta) can easily set up a SAML connection to the cloud service, so that their existing SSO system authenticates users and gives them access to the retailer’s partner portal.
With the complexity of the retail world today, retailers need Partner IAM to help reduce the cost and risk of managing a diverse set of global suppliers and partners. To go without such a solution opens the door to the nightmare of data breaches.