adesso Blog

Customer Identity and Access Management (CIAM for short) is an umbrella term for all measures relating to the creation, management and deletion of digital user identities and access management to digital services. I have already explained what is meant by CIAM and what forms and procedures there are in my blog post „Who am I? Identity verification in transition“. In this article, I would like to focus on one type in particular: central CIAM systems that enable identity and access management across various applications within an insurance company. The focus will be on how insurance companies can positively influence the customer experience with the help of such systems.

In this context, a central CIAM system is understood to be a central application that is used to store and manage the digital image of a user (usually an online account) and to control access to this image. The user can be granted access to various digital applications and services of the insurance company via this system.

Why should insurers consider a centralised customer identity and access management system?

When you think of identity and access management and why a company should concern itself with it, regulatory reasons usually come to mind first - and rightly so. Regulations such as the EU General Data Protection Regulation set out clear rules regarding the aspects under which personal data may be stored and that it must be protected from access by third parties. Industry-specific regulations such as PSD2 in the financial sector (and therefore also in connection with certain life insurance policies) require mandatory two-factor authentication for access to online financial transactions. I therefore agree that insurance companies need to address this issue for regulatory reasons alone. The main aim is to avoid negative effects such as bad press and high fines.

However, I believe that centralised identity and access management can also offer opportunities for insurers by improving the user experience and opening up new sales potential. In my view, it is therefore worthwhile for insurance companies to take a closer look at the topic, regardless of regulatory requirements, in order to realise positive benefits in addition to avoiding negative effects.

How can centralised identity and access management bring added value for the user?

In order to increase customer satisfaction through centralised digital access, it is initially important that users can create such an account as easily and quickly as possible, but also while maintaining the necessary security levels (see also "Digital onboarding - the path to becoming a digital insurance customer" ).

However, this initially only improves the user experience for those who create an account anyway. In order for CIAM to have a lasting positive impact on the user experience, users must be able to recognise that the existence of this access also offers real advantages when using the insurer's digital services.

I see two basic groups of usage improvements: direct and indirect effects. By direct effects, I mean improvements that result directly from and during the use of the access, while indirect effects are based on the data that is stored and managed in this digital access. In the following, I will give some examples for both groups. It should be noted that users have different needs. For example, there are those who prioritise the greatest possible convenience, while for others, precise control over their data is particularly important. It is important to find the right balance here in order to fulfil the requirements of both "extremes".

In the group of direct user improvements, I believe that single sign-on (SSO for short) should be mentioned first and foremost. SSO means logging in to multiple services once so that you can switch seamlessly between these applications without having to log in again. For example, if users log in to their customer portal and switch from there to a damage report, they do not need to log in again as the SSO takes over authentication for the new application. Technically, this can be realised with the OAuth 2.0 framework, for example; older implementations are often based on SAML.

The same example, i.e. jumping from the customer portal to a claims reporting route, also illustrates another direct advantage: the pre-assignment of data. Since the claims notification route can also access the data from the central access from the customer portal, it is possible to pre-populate a large part of the data fields to be filled in the claims notification with the data from the online access and also to make the linked contracts selectable as a drop-down. In order to meet the requirements of users who attach particular importance to checking their data, a query could be added to ask whether they agree to a data transfer.

These direct user improvements are already standard in many areas with extensive online services and should therefore also be offered in connection with digital insurance services in order to avoid a negative user experience.

A less common improvement to the user experience so far has to do with the login itself, more specifically the password. One of the most common problems associated with online access is forgetting the associated password. The usual solution is to offer a password reset process that is as simple yet secure as possible. A good and understandable approach - but what about not using a password at all? There are now various options for this too. In the field of apps, for example, access via biometric features is known as a password replacement. With the help of authenticator apps, such procedures can also be used for normal web applications.

The consents given by users (e.g. advertising consents) can be used in various contexts and applications if they are formulated accordingly. This helps both the users, who are not asked for their consent again for every digital service, and the insurance company, which can use these consents in different contexts. For example, an advertising consent given as part of a claim notification for a motor insurance policy could also be used to draw customers' attention to a new digital insurance policy (e.g. "Luckily it was only property damage. Are you sure that your relatives are adequately insured, otherwise it wouldn't have turned out so badly?"). This is an example of an indirect benefit that a central CIAM with clean consent management can offer. A centralised cockpit can also be provided for users, in which they can specify what their data may be used for by the insurer and what they would like to be informed about.

Provided consent is always given, this also enables a more personalised approach to the customer and products that could be particularly suitable for them can be placed in a particularly prominent position. In this way, the insurance company can also potentially generate additional business and the customer can also receive more personalised digital advice.

What happens next?

The examples I have presented above are already being realised in one form or another by insurance companies in their online presences, so it can be a competitive disadvantage not to engage with them. As data is becoming increasingly important and valuable in a networked world, the tools for aggregating data and automatically deriving suitable solutions are getting better and better and an ever-increasing proportion of insurance customers take digital services for granted, I am convinced that the importance of this topic will continue to grow.

Would you like to find out more about exciting topics from the world of adesso? Then take a look at our previous blog posts.

Also interesting:

Save this page. Remove this page.