Identity and access management commercials: What your publishing business needs to know about IAM, SSO & more

How are issues of access and identity managed at your organisation? At first glance, issues of identity and access are easy to sideline, but they are crucial to customer experience, security, customer retention, and more. Especially in publishing, identifying users is essential to good digital content management.  

If people can’t quickly log in to your content portal or identify themselves as subscribed readers when accessing your latest digital publication, they are unlikely to review your products highly. In short: a poor IAM system will cost you time, money, and customers. 

A quick intro to identity and access & why it matters  

In today’s world of hybrid work, access and identity management are essential for keeping company data secure and allowing for efficient remote working. But IAM issues are not just for the internal flow of information, they are also essential for customer-facing online resources and digital material. In the publishing world, a good sign-on experience is key to managing online materials, especially when they are scattered across multiple domains and e-reading apps. 

Even though identity services and access protocols have been around for a while, they are still not well understood. They get often overlooked in business strategy, despite their pivotal role in building customer relationships, so let’s look at them in more detail, and how your business can upgrade its current set-up. 

Explaining IAM (Identity and Access Management) 

Identity and access management often go together, but they can also be managed separately. 

Identity management refers to the process of checking a login attempt against an up-to-date database and authenticating the login. Authentication matches personal user information such as name, email address etc with a username and password. You may also have multifactor authentication (MFA) or two-factor authentication (2FA) as part of your identification process.  

Access management is the next layer up: what a specific user who has identified themselves has access to. Again, there is a database to control who has access to what.  

In a commercial setting, offering a good identification, authentication, and access experience is key. The end-user has high expectations here: after all, if you have paid for a service, you don’t want accessing it to be difficult. Digital subscriptions revolve around good IAM that gets people off the sign-in page and into the content stream quickly. 

Microsoft has a good IAM guide if you want to learn more!  

Role of user and access management in business 

Think of it like this: if your user has a difficult time logging in, or cannot figure out how to do it, they are likely to get frustrated. 

At the same time, if your systems are not robust, you might lose out on essential user data and the ability to maximise on marketing opportunities; by not asking for email marketing consent, you may not be able to market subscription upgrades.  

Security-wise, issues of data protection rear their heads in all IAM processes, so you need to take issues such as GDPR and data protection into account when designing your IAM workflows. 

What publishers need to know about IAM? 

We have experience of developing licence and user services for our publisher clients, so we have a good idea of what works for publisher and any brand who manages online material. 

When designing or reviewing your own IAM processes, think of the following: 

• Firstly, what data do you need from your users? 
• Do you just want them to identify themselves, or remain anonymous? 
• Do you need their email, addresses, phone numbers etc? Remember: you may want these to offer personalised services. 
• What about metadata and user history? If you don’t collect any, you won’t be able be personalise the experience and offer recommendations, notes, reading history etc. This could bring your UX score way down. 
• What about demographic data? 
• What kind of sign-in methods do you want to use? Do you want users to have a username and password, or link to existing Microsoft 365 or Google logins? 

Think about what you really need and don’t over or under collect data.  Forms may lower conversion rates, but they can also be a vital tool for capturing marketing data. 

Note: IP logins are a popular access management method, but they are not great from a user management perspective, as there is no identification method. This is something we are trying to move away from. 

Benefits of the single-sign on (SSO) method 

One popular recent model is SSO as this way one account takes you to all the products and services of the brand. One account = access all areas. SSO gives you the possibility of marketing different kinds of content and re-marketing existing content by offering different user paths. Security Assertion Markup Language (SAML) is what enables SSO. 

SSO requires a relationship between the service provider (the website, the application) and an identity provider. SSO flow in a nutshell: 

1. User attempts to access the desired website or material  
2. A token is sent by the service provider (website) with identifiable information to the SSO system (the identity provider) 
3. If the SSO finds that the user is already authenticated, it will grant access 
4. If not, there will be a log-in prompt, often a username and password or an OTP (one-time password) 
5. Once the credentials are validated, a token will be sent back to the service provider to confirm authentication (the token will be passed via the user’s browser) 
6. The service provider and the identity provider co-validate the log in, and the user has access!  

Once configured, SSO systems are very efficient. In our work, we offer identity and access management solutions as part of TimeGate, including SSO. These software solutions are especially calibrated for publishers. 

Some of the benefits of using SSO: 

• More streamlined login system = less support tickets 
• A unified customer experience, 
• Easier GDPR compliance 
• Improved password security  
• Smarter use of resources and data  
• Easier to revoke access and update records 
• Sign-on flexibility and scalability: you can easily add new services  
• Breaks down unnecessary services silos.  

SSO makes for a secure choice and often makes it easier to manage GDPR, as you can manage one customer database. You don’t have to manage multiple customer lists, and customers themselves also won’t have multiple sign-ins and passwords to manage. SSO is also platform agnostic, and it can be used by all services as it runs through a separate identity provider system that is not strictly integrated into any one service. It exists in its own secure silo.  

Especially in publishing, the user journey can be very fragmented and disjointed as brands tend to have different websites and apps for e-books, e-learning portals etc, often with a sales-oriented website fronting a more technical backend. Historically, all these different services may have had different databases and required different logins – something that becomes very hard to manage. A lack of consistency in the customer journey is a customer experience killer, and SSO helps combat that. 

As an organisation, you can also have an organisation administrator account to help you manage organisational log-ins – especially important for educational institutions. 

Remember: SSO is a good system, but no system is perfect in everything. You need to always maintain a proactive approach to security: encourage good password hygiene and use two-factor authentication. Smoother systems and less silos are helpful, but they are not everything when it comes to cybersecurity. For example, SSO is often touted as secure as it allows for one very strong centralised password, but that only remains true if the password is truly strong.  

The tech behind our TimeGate SSO: Azure Active Directory BC2 

TimeGate uses the efficient and scalable Azure Active Directory B2C to offer a user management system for our clients who operate in B2C markets. Working in the Azure ecosystem has synergy benefits and Azure AD B2C is a trusted CIAM (customer identity access management) system that can support millions (even billions) of users, so it is a great option for enterprise systems. 

As with a lot of Microsoft infrastructure, the scaling and safety aspects are world-class, with lots of built-in automation, monitoring, and reporting. We can quickly troubleshoot and investigate when log-in attempts are taking longer than they should. 

Another useful feature is the ability to integrate with lots of other APIs and data sources to enrich and enhance your identity management. For example, your Azure AD B2C can easily hook into your CRM or e-commerce platform.  

You can also benefit from strategies such as progressive profiling, where users are encouraged to share relevant information in an incremental way. 

Having a secure system like this will provide a lot of reassurance, but you should still have a robust cybersecurity strategy in place. 

Note: TimeGate can also be used as the licence gateway for access management, or it can be integrated to another licence or access management system. User and identity management integrated with licence management can be a smooth model for some publishers who want tightly controlled systems. 

Bringing your business up to scratch with SSO 

• The first thing customers do with your business is registration. This process has to be easy and smooth.  Remove user friction with SSO. It might even help you push the user towards your other services and increase conversions as the barrier to upgrade is lowered by easier processes. One log-in also makes it easier to manage account details and subscriptions.  
• The old way of doing things where data was being sent from one service to the other is not very data protection friendly. In contrast, a SSO session is ongoing and uses a secure token that means no more shared passwords. This gives everyone greater security and safety. 
• Using a modern method like SSO that brings all your services under one log-in also improves service scalability and longevity: now you can create new web services and add others to the mix much quicker, just integrate them to the sign-in service.  
• SSO also has some good user management options, and it is very easily made into a platform agnostic solution model that can be integrated and used with anything. SSO is also a better process for IT teams – less systems and processes to monitor, making it more efficient.