When your customer has customers: CIAM for B2B brands
If you're acronym savvy you may know that the “C” in CIAM stands for “customers.” But not all customers are individual consumers. Sometimes your customers are other companies (your basic B2B model).
If that’s you, the people logging in to use your services or purchase your products are their employees or even subsidiaries.
That’s where things get interesting.
B2B vs B2C CIAM
In short, what makes B2B CIAM use cases a bit more colorful than their B2C counterparts is the nature of your relationship to your customer. Specifically, in a B2B use case, your relationship is with another company (not an individual).
But companies don’t sign in. People do.
That means your customer transfers to their employee the right to do business with you for a period of time. Whenever their employee changes roles or resigns, your customer (the company) needs to remove their rights.
Let’s look at an example.
Let’s say you manufacture automotive electronics and your customer is a retail chain called ACME Auto Parts, which has 10 different stores. Each ACME store orders their electronics from you. Your customer relationship is with ACME corporate, and someone in their organization needs to grant access to your customer portal to the 10 buyers at their stores.
That’s fairly straightforward, but B2B CIAM can get a good bit more complex. What if each store had multiple roles – like a purchaser and an approver? Or perhaps each store has a different product catalog.
In a B2B CIAM deployment, you’re not only managing the organizational identity, you also need a way for your customer to manage their employees’ individual identities.
Now you’ve got a new layer of authentication, authorization, and administration – not to mention branding. When an ACME employee signs in to your website, they should arrive at an ACME-branded portal where they can only order products relevant to them.
While supply chain partners like this represent one variation on the B2B model, there are at least seven others, which we’ll get to below.
But first let’s talk about how much poor B2B CIAM approaches can cost you.
Building a business case for better B2B CIAM
Given all that complexity, perhaps it’s not a galloping surprise that even enterprise-scale companies are still—as in today— spending a lot to make their less-than-optimal B2B customer programs run. The thing is, those costs don’t show up on a single line in a single spreadsheet.
If you want to calculate what you’re spending, here are a few rocks to go look under.
Engineering and maintenance
Whether or not you’re using a commercial CIAM solution, chances are, you’ve got a small team of developers building out all your user management requirements and maintaining the custom code you already have. Perhaps you’ve even got an external consulting firm working on this.
This is usually the biggest cost and the one your CFO will understand at a glance.
Manual process costs
No matter how good your code is, there’s almost always some humans in the loop to make sure the onboarding/offboarding process is running smoothly.
For example, if you’re an insurance company and you recruit a bunch of new agents in a new territory, you probably need an admin to create accounts and roles for those new agents. That takes time. Add in the need to update accounts as agents and their employees come and go, and now you’re employing an admin full time.
Poor customer experiences
This one’s a bit softer and (for most B2B businesses) doesn’t fit neatly into a cell on a spreadsheet. But if the online experience for your business customers is a pain in the neck, your reputation can take a hit. If it’s really unfriendly and you’re in a highly competitive market, your customers may defect to your competitors.
The cost here is harder to measure, but it’s real money.
Risky access rights
When employees leave a company, the IT team tends to be pretty quick about turning off access to their email and such. But supplier portals are often managed at the department level. If that’s a manual process, recently departed employees may keep access for weeks or months.
That’s not a problem in the B2C world, but in a B2B scenario it can put your company at risk.
CIAM for B2B brands
It’s all about the (B2B) customer relationship
Since B2B CIAM deployments really boil down to the relationship your customer has to their employees and their customers. To get it right, you really need a B2B CIAM solution that can adapt to different organizational models.
Remember our insurance example? Each agency may have multiple agents who serve a unique customer base. If you need to manage identities and access for those customers, that’s what you might call a B2B2C model.
Take another example: most home rental sites like Airbnb, VRBO, and others provide a different experience for homeowners and renters. Plus, some of the renters are real estate agents representing multiple properties.
You might think of this as B2B2B. (And you might find yourself understandably tired of acronyms).
Most B2B CIAM examples fit into one of these eight B2B CIAM scenarios.
Features you need for good B2B CIAM
Now that you know how B2B differs from B2C when it comes to CIAM and you’ve hopefully identified the use case that best fits your business, let’s talk about what you need in a CIAM solution.
Here are the top 6 capabilities it takes to untangle the knot of B2B CIAM.
1. Organization and role management
This is by far the most important capability for B2B CIAM solutions. Since B2B relationships are hierarchical, the B2B CIAM solution has to align to – and intuitively represent – your customer’s org.
This means supporting different types of parent-child relationships between orgs and their associated user accounts. It also means having strong role management so that administrators can define the guardrails for what would otherwise be a mind-boggling combination of multi-level access controls.
2. Delegated administration
This one is a close cousin to organization and role management. Once you’ve got all your roles assigned, managers need a way to let others on their team perform different tasks (aka delegate access).
Going back to that auto parts example from earlier, if the person who usually places orders goes on vacation, the store owner will need to delegate those rights to someone else so they can keep the pipeline flowing.
3. Federation from anywhere
When your customer is another business, they may have their own identity provider (IdP) that allows employees to login and defines their access. Common examples are workforce SSO providers like Okta or Ping Identity.
This means your B2B CIAM solution needs to be able to integrate with that 3rd-party identity provider,and use their federated identity to securely let them in.
4. Self-service partner onboarding
In the B2B world, the most common onboarding process by far is a manual operation – one involving emails, spreadsheets, and other inefficiencies and choke points.
A good B2B CIAM solution banishes the endless email-back-and-forthing and lets you turn customer and partner onboarding into a self-serve process. For example, as part of an onboarding process you may want to send a group of new individuals a secure link that guides them to a secure web form so they can register their own account. Any good self-service functionality should extend to account maintenance as well so individuals can recover an account in the event of a forgotten username or password or change the information that the parent organization may be holding about them.
5. One-stop auditing
Companies are subject to a lot more regulation (and audits) than an individual consumer. When the auditor comes calling, your B2B CIAM solution should make it easy to quickly find what you need.
The key here is comprehensive audit trails, logging, and reporting. And it’s all gotta be in one place. If you’re hunting across different products, different admin interfaces, and databases to connect the dots of user logins and actions, stop!
Then go find another B2B CIAM solution.
6. Manage multiple brands in one place
Most larger companies operate in different countries, have multiple product lines, and even maintain different brands. For example, the hospitality company Marriott operates Ritz-Carlton, Sheraton, and more than a dozen other hotel brands. A B2B CIAM solution needs to be able to offer up brand-specific experiences for each offering without requiring you to install and maintain a different instance of the CIAM product for each brand.
Thinking about B2B CIAM?
If you’re a B2B firm looking for a CIAM vendor who can lean into the complexities of your business model (and who speaks fluent acronym), Strivacity is here to help.
Our solution is uniquely engineered to put you – and your customers – first.