Summary
This blog explains CIAM (Consumer Identity and Access Management) principles and best practices for developing an Android-based mobile app, and how the IBM Security Verify IDaaS SDK and APIs help adopt these best practices to create the best consumer experiences in the mobile channel.
Description
CIAM (Consumer Identity and Access Management) is a key focus area for many enterprises and brands in their digital transformation journey. The mobile app in particular is a widely used digital channel for reaching different consumer bases across all industries. In mobile app development, the developer needs to understand who is going to use the app and what kind of experiences those users will go through.
- Consumer experience is the key to reducing app churn
Mobile app users act as brand advocates and promote business growth when the in-app consumer experience is at its best and meets their expectations.
- Security and Privacy is NOT optional!
Modern consumers take the security and privacy of the PII data they provide to brands for granted. Brands have to ensure the highest standards and compliance while capturing, storing and handling consumer data in order to meet privacy laws and regulations across the globe.
IBM Security Verify IDaaS helps to develop the best consumer experiences in consumer-facing channel applications. TrustMeInsurance is used here as a sample consumer brand that interacts with its consumers through web and mobile channels. This blog gives how-to steps for adopting CIAM best practices and key principles in the mobile channel using IBM Security Verify.
Technologies
- Mobile Development
- Privacy
- Security IAM
Flow Diagram
- User installs tmiMobileApp and starts using the app with one or more of the use cases listed below:
Login: Sign-up, (Social) Login, QR login, Forgot password
Profile: Self care, Consent recordings, MFA enroll/de-enroll, Change password
Quote & Policy: Create a Quote, Consent usage for PI data processing, Strong MFA - Push verification
- tmiMobileApp uses the Verify SDK/APIs to call the respective components in the IBM Security Verify IDaaS platform to create the right consumer experience in the given use case flow.
- User installs and registers the IBM Verify authenticator app as an MFA choice with Verify IDaaS and starts using it to approve push verification requests.
- The IBM Verify app calls the registered Verify IDaaS tenant to complete the push verification, with or without TOTP or biometrics.
Pre-requisites
- IBM Security Verify IDaaS Tenant
- Android Studio IDE
- Mobile Phone OR Android Studio Emulator
Instructions
In this section, CIAM principles and best practices are listed along with high-level steps to adopt them in the mobile app.
(A) Silently registering consumer identity
Step 1 : Set up Android Studio with the tmiMobileApp project; follow the detailed instructions given here
Step 2 : Gather the minimum information required, such as the consumer's e-mail id, to initiate a brand journey such as the Get an Instant Quote flow in tmiMobileApp; refer to the code that captures the first-hand consumer info
Step 3 : Create a user account silently in the Verify tenant and send the consumer an e-mail about the account creation with instructions to log in to the brand mobile app/website; refer to the code that creates a user in the Verify tenant.
Step 4 : Run the emulator and launch the app to see this use case working; click here to learn how to launch the emulator
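The silent registration of steps 2 and 3, as an added Python example that is not tmiMobileApp code (the app does the equivalent through the Verify SDK/APIs). It assumes the tenant's OAuth 2.0 token endpoint is POST {tenant}/v1.0/endpoint/default/token, that users are created through the SCIM 2.0 endpoint POST {tenant}/v2.0/Users, and that the IBM notification SCIM extension asks the tenant to e-mail the new consumer; the tenant URL and API client credentials are placeholders. The request body and the response handling are pure functions so they can be checked without a tenant; only get_access_token and create_user_silently touch the network.

```python
"""Silent consumer registration against an IBM Security Verify tenant.

Added example (not tmiMobileApp code). Assumed endpoints, to be checked
against your tenant's API reference:
  POST {TENANT_URL}/v1.0/endpoint/default/token   (OAuth 2.0 client credentials)
  POST {TENANT_URL}/v2.0/Users                     (SCIM 2.0 user creation)
"""
import json
import re
import urllib.parse
import urllib.request
from urllib.error import HTTPError

# Placeholder configuration: replace with values from your own tenant.
# The API client secret grants user-management rights, so it belongs in the
# brand's backend service, never inside the APK.
TENANT_URL = "https://<tenant>.verify.ibm.com"
CLIENT_ID = "<api-client-id>"
CLIENT_SECRET = "<api-client-secret>"

SCIM_USER = "urn:ietf:params:scim:schemas:core:2.0:User"
# Assumed Verify SCIM extension that asks the tenant to e-mail the new consumer.
IBM_NOTIFY = "urn:ietf:params:scim:schemas:extension:ibm:2.0:Notification"

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def build_user_payload(email: str, notify: bool = True) -> dict:
    """SCIM body for a silently created consumer.

    Only the e-mail captured in the Get an Instant Quote flow is stored
    (data minimisation). No password is set by the app; the tenant e-mails
    the consumer the account-creation notice and login instructions.
    """
    email = email.strip().lower()
    if not EMAIL_RE.match(email):
        raise ValueError("invalid e-mail address")
    return {
        "schemas": [SCIM_USER, IBM_NOTIFY],
        "userName": email,
        "emails": [{"type": "work", "value": email}],
        "active": True,
        IBM_NOTIFY: {"notifyType": "EMAIL" if notify else "NONE",
                     "notifyPassword": notify},
    }


def classify_create_response(status: int, body: str) -> tuple:
    """Map the SCIM response to an outcome the quote flow can act on.

    201 -> ("created", user id); 409 (SCIM uniqueness conflict, RFC 7644) ->
    ("exists", None), so a returning consumer is not re-registered; anything
    else -> ("error", detail). The quote flow continues in all three cases.
    """
    try:
        data = json.loads(body) if body else {}
    except json.JSONDecodeError:
        data = {}
    if status == 201:
        return ("created", data.get("id"))
    if status == 409:
        return ("exists", None)
    return ("error", data.get("detail") or f"HTTP {status}")


def get_access_token() -> str:
    """Client-credentials token for the API client (network call)."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }).encode()
    req = urllib.request.Request(
        f"{TENANT_URL}/v1.0/endpoint/default/token", data=form,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())["access_token"]


def create_user_silently(email: str, token: str) -> tuple:
    """POST the SCIM user and classify the result (network call)."""
    req = urllib.request.Request(
        f"{TENANT_URL}/v2.0/Users",
        data=json.dumps(build_user_payload(email)).encode(),
        headers={"Content-Type": "application/scim+json",
                 "Accept": "application/scim+json",
                 "Authorization": f"Bearer {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return classify_create_response(resp.status, resp.read().decode())
    except HTTPError as err:  # 409 and other non-2xx responses arrive here
        return classify_create_response(err.code, err.read().decode())


if __name__ == "__main__":
    print(json.dumps(build_user_payload("Jane.Doe@example.com"), indent=2))
```

Because the create call needs a privileged API client, the mobile app should send the captured e-mail to the brand's backend and let the backend perform the registration; the 409 branch matters because the same e-mail may come back from a consumer who already has an account, and the quote flow should proceed identically either way.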
(B) Progressively profiling consumer data along with Consents
Step 1 : Set up Android Studio with the tmiMobileApp project; follow the detailed instructions given here
Step 2 : Capture the consumer's consent as and when their PII data is captured in the transaction flow; refer to the code to see how consents are captured along the way in the Get Home Quote page
Step 3 : Provide options to modify the consents through the User Profile page; refer to the code that manages the consents.
Step 4 : Run the emulator and launch the app to see this use case working; click here to learn how to launch the emulator
(C) Enabling Self serviceable MFA/Social login choices
Step 1 : Set up Android Studio with the tmiMobileApp project; follow the detailed instructions given here
Step 2 : Enable security preference options in the User Profile page so consumers can enroll the MFA method(s) they prefer; refer to the sample code that enrolls MFA choices
Step 3 : Enable social login with popular social identity providers to give a frictionless consumer experience; refer to the sample code for the same.
Step 4 : Run the emulator and launch the app to see this use case working; click here to learn how to launch the emulator
(D) Providing transparency in processing consumer’s PII data
Step 1 : Set up Android Studio with the tmiMobileApp project; follow the detailed instructions given here
Step 2 : Apart from providing options to add/remove consents, the brand needs to provide greater transparency in how it handles PII data, which in turn raises the consumer's trust to a new level; refer to the sample code that showcases transparency while processing PII data in the Policy Issuance flow
Step 3 : Run the emulator and launch the app to see this use case working; click here to learn how to launch the emulator
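The consent handling of section (B) and the transparency view of section (D), as one added Python example that is not tmiMobileApp code. It models the rules the app applies around the Verify consent APIs on the client side: every PII attribute is tied to a purpose and an access type, processing is allowed only while a non-expired consent for that combination is in an allowing state, the consumer can withdraw from the User Profile page at any time, and the Policy Issuance page can list exactly which data is used for what and why. The purpose and attribute ids, the expiry periods and the "transparent" state are constructed for the example; the server-side consent records and their state codes live in the Verify tenant.

```python
"""Consent-gated processing of consumer PII and a transparency view.

Added example (not tmiMobileApp code). Purpose ids, attribute ids and
expiry periods are constructed; the authoritative consent records are
kept by the Verify tenant, this is the client-side decision logic.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

ALLOW, DENY, TRANSPARENT = "allow", "deny", "transparent"
# "transparent" marks processing the consumer is informed about but not asked
# to approve (e.g. data needed to fulfil the contract): shown, not gated.

T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed clock origin


def day(n: int) -> datetime:
    """Helper for the example: n days after T0."""
    return T0 + timedelta(days=n)


@dataclass(frozen=True)
class ConsentRecord:
    purpose_id: str          # why the data is used, e.g. "home-quote"
    attribute_id: str        # which PII attribute, e.g. "home_address"
    access_type_id: str      # how it is used, e.g. "read"
    state: str               # ALLOW | DENY | TRANSPARENT
    recorded_at: datetime
    expires_at: Optional[datetime] = None


class ConsentLedger:
    """Latest decision per (purpose, attribute, access type) wins."""

    def __init__(self):
        self._records = {}

    def record(self, rec: ConsentRecord) -> None:
        if rec.state not in (ALLOW, DENY, TRANSPARENT):
            raise ValueError(f"unknown consent state {rec.state!r}")
        self._records[(rec.purpose_id, rec.attribute_id, rec.access_type_id)] = rec

    def withdraw(self, purpose_id: str, attribute_id: str, access_type_id: str,
                 now: datetime) -> None:
        """Withdrawal from the User Profile page: keep the deny on file."""
        self.record(ConsentRecord(purpose_id, attribute_id, access_type_id, DENY, now))

    def is_use_approved(self, purpose_id: str, attribute_id: str, access_type_id: str,
                        now: datetime) -> tuple:
        """Decide before each PII use; the reason is what the consumer sees."""
        rec = self._records.get((purpose_id, attribute_id, access_type_id))
        if rec is None:
            return (False, "no-consent")
        if rec.state == DENY:
            return (False, "denied")
        if rec.expires_at is not None and now >= rec.expires_at:
            return (False, "expired")
        return (True, rec.state)

    def transparency_report(self, now: datetime) -> list:
        """Rows for the Policy Issuance / Profile page: what is used for what."""
        rows = []
        for rec in sorted(self._records.values(),
                          key=lambda r: (r.purpose_id, r.attribute_id)):
            in_use, status = self.is_use_approved(
                rec.purpose_id, rec.attribute_id, rec.access_type_id, now)
            rows.append({
                "purpose": rec.purpose_id,
                "attribute": rec.attribute_id,
                "access": rec.access_type_id,
                "status": status,
                "in_use": in_use,
                "recorded_at": rec.recorded_at.isoformat(),
                "expires_at": rec.expires_at.isoformat() if rec.expires_at else None,
            })
        return rows


def demo_home_quote(now: datetime) -> ConsentLedger:
    """Consents captured along the Get Home Quote flow (constructed data)."""
    ledger = ConsentLedger()
    ledger.record(ConsentRecord("home-quote", "home_address", "read", ALLOW,
                                now, now + timedelta(days=365)))
    ledger.record(ConsentRecord("home-quote", "email", "read", TRANSPARENT, now))
    ledger.record(ConsentRecord("marketing", "email", "send", ALLOW,
                                now, now + timedelta(days=90)))
    return ledger


if __name__ == "__main__":
    ledger = demo_home_quote(day(0))
    ledger.withdraw("marketing", "email", "send", day(1))
    for row in ledger.transparency_report(day(2)):
        print(row)
```

The point of returning a reason alongside the boolean is that the same value drives both the gate (skip the processing step) and the transparency page (tell the consumer the consent expired or was withdrawn), so the two views can never disagree.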
(E) Silently securing consumer’s interactions by Adaptive access combined with Strong MFA authentication
Step 1 : Set up Android Studio with the tmiMobileApp project; follow the detailed instructions given here
Step 2 : Asking for additional authentication during a critical business transaction is a must; refer to the sample code, which uses the push verification method through the IBM Verify authenticator app as an additional layer of security in the Claim Request flow
Step 3 : Providing risk-based, context-aware authentication is another key aspect of a frictionless consumer experience; refer to the sample code here. This feature is not implemented in tmiMobileApp.
Step 4 : Run the emulator and launch the app to see this use case working; click here to learn how to launch the emulator
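The step-up policy behind steps 2 and 3, as an added Python example that is not tmiMobileApp code. It shows the decision the app (or its backend) makes before a Claim Request: a critical transaction needs a strong factor, such as a push verification approved in the IBM Verify app, completed within a freshness window, and risk signals from the sign-in context can demand the same step-up on otherwise routine actions, while a consumer on a known device in a known location sees no extra prompt. The transaction names, the freshness window, the signal weights and the threshold are constructed for the example; the actual push challenge and approval are handled by Verify.

```python
"""Step-up decision for critical transactions, with adaptive risk context.

Added example (not tmiMobileApp code). Transaction names, the freshness
window, the risk weights and the threshold are constructed values.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, Optional

CRITICAL_TRANSACTIONS = {"claim_request", "change_password", "update_bank_details"}
STRONG_FACTORS = {"push", "totp", "fido2"}
MFA_FRESHNESS = timedelta(minutes=5)   # a strong factor must be this recent
RISK_STEP_UP_THRESHOLD = 50

T0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)   # constructed clock origin


def minutes(n: int) -> datetime:
    """Helper for the example: n minutes after T0."""
    return T0 + timedelta(minutes=n)


@dataclass(frozen=True)
class Session:
    user_id: str
    authenticated_at: datetime
    factors: FrozenSet[str]                 # factors completed so far
    strong_factor_at: Optional[datetime]    # when the last strong factor completed


@dataclass(frozen=True)
class RiskContext:
    known_device: bool
    known_location: bool
    impossible_travel: bool   # location changed faster than travel allows


def risk_score(ctx: RiskContext) -> int:
    """Additive score from sign-in context signals (weights are constructed)."""
    score = 0
    if not ctx.known_device:
        score += 30
    if not ctx.known_location:
        score += 25
    if ctx.impossible_travel:
        score += 60
    return score


def has_fresh_strong_factor(session: Session, now: datetime) -> bool:
    """True when a strong factor completed within MFA_FRESHNESS."""
    if session.strong_factor_at is None or not (session.factors & STRONG_FACTORS):
        return False
    return now - session.strong_factor_at <= MFA_FRESHNESS


def step_up_required(transaction: str, session: Session, ctx: RiskContext,
                     now: datetime) -> tuple:
    """Return (required, reason); the reason is what the app tells the consumer."""
    fresh = has_fresh_strong_factor(session, now)
    if transaction in CRITICAL_TRANSACTIONS:
        if fresh:
            return (False, "critical-transaction-fresh-mfa")
        return (True, "critical-transaction")
    score = risk_score(ctx)
    if score >= RISK_STEP_UP_THRESHOLD and not fresh:
        return (True, f"risk-score-{score}")
    return (False, "low-risk")


def complete_push_verification(session: Session, now: datetime) -> Session:
    """Record a successful push approval (from the IBM Verify app) on the session."""
    return Session(session.user_id, session.authenticated_at,
                   session.factors | {"push"}, now)


if __name__ == "__main__":
    session = Session("consumer-1", T0, frozenset({"password"}), None)
    ctx = RiskContext(known_device=True, known_location=True, impossible_travel=False)
    print(step_up_required("claim_request", session, ctx, minutes(1)))
    session = complete_push_verification(session, minutes(1))
    print(step_up_required("claim_request", session, ctx, minutes(2)))
```

Keeping the freshness window short means a push approval granted for one claim cannot be reused an hour later for a bank-detail change, while the risk path keeps routine screens frictionless for a recognised device and location.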
Related links
Blog Authors & Developers : Sivapatham Muthaiah & Saloni Rathi