Modernising Customer Identity for Financial Services

20 October 2021

The Client

Our client is an FTSE 100 global investment management organisation headquartered in the City of London.  It invests and manages over £350 billion in assets on behalf of clients including equities, fixed income, and real estate.

Our client’s vision is to become the best-loved and most successful savings and investments business.  Their purpose is to help people manage and grow their savings so they can live the life they want while making the world a little better along the way.

 

The Challenge

Our client was looking to modernise their customer identity system – their digital front door to the business – with key requirements for high-level security and an excellent customer experience.  Customer growth and retention were key business drivers for change.  Through a new and improved identity and access management (IAM) solution, their customers will have a simpler and more secure way to access their services and accounts.

The Solution

Through a Proof of Concept (PoC), Condatis demonstrated that Microsoft Azure AD B2C could meet all of our client’s requirements and desired use cases, including:

Progressive profiling

Progressive profiling is a technique for gradually building up a profile of your customers each time they interact with your product.  For this client, this functionality will allow them to keep questionnaires and forms short and increase landing page conversion rates whilst also providing security insights and enhancements.

User Migration

Our client wanted to be sure that any new Customer Identity and Access Management (CIAM) service could securely consume existing customer identities from legacy data stores. User migration to the new service should also have the flexibility to be completed either in bulk (all at once, usually during a quiet time outside of normal working hours) or just-in-time as and when a customer signs in using the new service for the first time, transitioning seamlessly for the customer.

Fraud management, analytics, and reporting

Security and fraud prevention, along with telemetry for monitoring and reporting, are essential for our client. For this use case we configured and demonstrated the capabilities of Azure AD B2C and its capacity to surface insights into Microsoft Azure Sentinel, a scalable, cloud-native security information and event management (SIEM) tool.

This functionality also allows our client to automatically track and review the risk of attempted logins by geographical location, using conditional access rules to apply additional security steps when necessary.

Federated Single Sign-On (SSO)

In this use case, we demonstrated the ability of Azure AD B2C to federate into multiple client applications using standards-based authentication including OIDC, SAML 2.0 and OAuth 2.0.

Additionally, the ability of Azure AD B2C to leverage external identity providers, including independent software vendors (ISVs, e.g. Experian) and multifactor authentication providers (MFA, e.g. Twilio), was also included.

Forgotten Password Journey

This final use case focused on the forgotten password journey – a user flow that is often frustrating for users and a target for bad actors.

The PoC demonstrated that with Azure AD B2C the user can quickly and easily reset a forgotten password, ensuring the correct password strength is adhered to and MFA is utilised to ensure the correct level of assurance is obtained during the process.  Additionally, it was demonstrated how a user might also easily change their password when already logged into the service.

The Outcome

The proof of concept and demonstration delivered by Condatis helped our client validate that Azure AD B2C meets all the requirements listed against their key use cases.  This assurance, together with insight into further flexibility and wider integration with other Azure and external services, gave our client the confidence to select Microsoft Azure as the technology platform of choice for customer identity and access management.

Features

  • Client-side SDK for API-based integration
  • API-based support for CIAM functionality
  • Progressive profiling capabilities
  • Password policies
  • Fraud management for user risk assessment
  • Device fingerprinting
  • Identity proofing and verification
  • MFA
  • Consent management
  • Integration capabilities
