Modernising Customer Identity for Financial Services

20 October 2021

The Client

Our client is an FTSE 100 global investment management organisation headquartered in the City of London.  It invests and manages over £350 billion in assets on behalf of clients including equities, fixed income, and real estate.

Our client’s vision is to become the best-loved and most successful savings and investments business.  Their purpose is to help people manage and grow their savings so they can live the life they want while making the world a little better along the way.


The Challenge

Our client was looking to modernise their customer identity system – their digital front door to the business – with key requirements for high-level security and an excellent customer experience.  Customer growth and retention were key business drivers for change.  Through a new and improved identity and access management (IAM) solution, their customers will have a simpler and more secure way to access their services and accounts.

The Solution

Through a Proof of Concept (PoC), Condatis demonstrated that Microsoft Azure AD B2C could meet all of our client’s requirements and desired use cases, including:

Progressive profiling

Progressive profiling is a technique for gradually building up a profile of your customers each time they interact with your product.  For this client, this functionality will allow them to keep questionnaires and forms short and increase landing page conversion rates whilst also providing security insights and enhancements.

User Migration

Our client wanted to be sure that any new Customer Identity and Access Management (CIAM) service could securely consume existing customer identities from legacy data stores. User migration to the new service should also have the flexibility to be completed either in bulk (all at once, usually during a quiet time outside of normal working hours) or just-in-time as and when a customer signs in using the new service for the first time, transitioning seamlessly for the customer.

Fraud management, analytics, and reporting

Security and fraud prevention along with telemetry for monitoring and reporting is essential for our client. For this use case we configured and demonstrated the capabilities of Azure AD B2C and its capacity to surface insights into Microsoft Azure Sentinel (a scalable, cloud-native, security information event management (SIEM) tool.

This functionality also allows our client to automatically track and review the risk of attempted login by geographical location, using conditional access rules to apply additional security steps when necessary.

Federated Single Sign-On (SSO)

In this use case, we demonstrated the ability for Azure AD B2C to federated into multiple client applications using standards-based authentication including OIDC, SAML 2.0 and OAUTH 2.0.

Additionally, the ability for Azure AD B2C to leverage external identity providers including integrated software vendors (ISVs e.g., Experian) and multifactor authentication providers (MFA, e.g. Twilio) was also included.

Forgotten Password Journey

This final use case focused on the forgotten password journey – a user flow that is often frustrating for users and a target for bad actors.

The PoC demonstrated that with Azure AD B2C the user can quickly and easily reset a forgotten password, ensuring the correct password strength is adhered to and MFA is utilised to ensure the correct level of assurance is obtained during the process.  Additionally, it was demonstrated how a user might also easily change their password when already logged into the service.

The Outcome

The proof of concept and demonstration delivered by Condatis helped our client validate Azure AD B2C meets all the requirements listed against their key use cases.  This assurance and insight of further flexibility and wider integration into other Azure and external services provided our client with the confidence to select Microsoft Azure as the technology platform of choice for customer identity and access management.


  • Client-side SDK for API based integration
  • API based support for CIAM functionality
  • Progressive profiling capabilities
  • Password policies
  • Fraud management for user risk assessment
  • Device fingerprinting
  • Identify proofing and verification
  • MFA
  • Consent management
  • Integration capabilities

Get more content like this straight to your inbox

Please leave your details below to subscribe and receive case studies, news, and exclusive invitations to events.