Thank you. I think, yeah, no, I would say thank you. And then over hand over to Marco. Not to you Paul.
Anyway, so Marco, I would say we start with you introducing yourself, what you're doing, and then we sure move from there.
Absolutely.
So, well first of all, thanks for being here on almost one of the last few sessions in the, in this very nice event. I am Italian in terms of where I live, but I have an international role in identity management for the last 22, 23 years in different different companies. Corporation, startup corporation, again, startup again. And this is my third corporations for those of you old enough, I started at Novell doing delivery of identity management solutions for a number of years. Very solid, very robust technology still with us with different names.
But then entering the governance space in a startup in Italy later to be acquired by IBM Second Corporation after a few years of traveling the world for IBM in identity and access roles, in terms of product management and or field CTO, I went into another startup again this time on the access side, on the Siam side more, more specifically named one welcome one and a half year ago, again acquired by Thais. That's what is the brand on my, on my current badge.
Long story to say that I had the pleasure over a number of years to meet many customers, many partners, many system integrators in different countries, in different industry. And of course I assisted to a lot of changes and this is maybe one of the reasons why we're having this conversation today.
Okay,
Yeah. So I'm Martin Inger. I think probably all, everyone of you knows me, so I don't say much. May maybe the only thing is I'm even longer in the identity management space than Marco, but novel also is, is part of my early days. So I think I started in the late eighties, early nineties with things like early land manager and network three and stuff like that. And that was basically where, where my identity journey started Penan wines for the ones who are really around very long, things like that. So good old days.
And by the way, it still happens to me sometimes when I talk with people that, that I end up with saying novel instead of net IQ or whatever else.
Yeah. So some legacy here. And maybe just to say if there's any questions, are any questions you have, then raise your hands to the online audience. If there are any questions, enter them into the app. Paul will carefully track the app and then inform us when there are any questions. Yeah.
And the topic for today, when you, when you look at the long title and the long description, so basically you see, okay, there's an impact of generative AI because the titles of EIC of the sessions became longer than the in earlier years and the abstracts became longer. But basically the essence of it is like, like Paul said, it's B2B identity management. And what we wanna do for the next almost half an hour is to, so to speak, exchange our thoughts a bit on, on this end. So it's probably more a talk than an interview session.
And anyway, I'd like to start with a question, and that is to Marco, why do you feel we need to talk about B2B? Im specifically having consumer, IM having, I am for workforce.
So why, why do we spend half an hour on B2B? I am.
This is a, this is a, so thanks for the question because this is allowing me indeed to clarify why us at Tallis. But in a broader sense, a few of us in the vendor space are looking at B2B as a sort of emerging space or a converged space, I should say B B2B, something that we bumped into that emerged a few years ago, maybe 20 18, 20 19. I was back then in a company which was selling identity governance solutions. And we were getting a ref IRFP more and more where, oh yes, I need to manage users.
I need to delegate and, and and deliver access to them. And I need also to manage the registration process or don registration process. This is not something belonging to IGA, there's no IGA cover of that. So we need to add another solutions to cover that. Two years later, I was now in a SIAM company and we get the opposite thing. So we need to onboard users, and then once the user onboarded, we need to delegate somebody in a, in an office to manage other people to be delivered access.
And we had the same thing, meaning falling short in terms of capability that we were now providing on another side. So why this was happening? Because there was an emerging demand of a converged use case, which is including at the same time an onboarding need and a delegation management need, which is more belonging to the
Governance. Yeah.
And, and I think what comes in addition to that is there's not trust B2B, it's not, so, I, I personally believe that the B2B use case are the most complex ones. So workforce is not, not easy because you have a lot of different entitlements, et cetera, but it's almost the same, so to speak. Consumers also, yes, every consumer sees a bit different things, but it's relatively homogeneous. B2B has so many flavors.
So you start with the contractors, which are very close to workforce, and then you have a lot of other people, like people from suppliers, people that are in a project for a longer while people that are just coming in for a single project, people that need a one time teams access or whatever else. So you have a, a broad range of different use cases. And I think this makes workforce identity so complex.
And also when I go back to, to my history, I remember the very first time we did an advisory project, a co call analysts.
So this was the time where, where IIGA basically was always said, oh, it's trying to move a lever, which always was a bit oversimplifying, but, but anyway, there wasn't the situation or we, we, we run the supply or the, the, the externals through our SAP HR system. And I said, so you better have multiple on onboard multiple sources at least where they come, come in from. Because the SAPR is really not a system that is built for managing your externals aside of the costs you have associated with.
And, and also back then, and that is, well, almost two decades ago we had this scenario where, where, where factually we had a need for for a B2B or or treating externals differently than the workforce. And I think so, so I think we are very much on the same page that this is an area which is, I think the, the challenge has been here for long. The attention and the idea that this could be probably or should be treated differently is still relatively new.
I totally agree and I would probably elaborate a bit further on what you just touched upon, right?
Of course, identity started back in the day on the B two E angle looking inside for cost security compliance reasons. And in a, in B two E, you have the notion of HR system as the authoritative source for identity. If you are in the HR system, there's been already some background check that led you to be there. I just trust that your identity is a legit one. Okay? That's not what happen when you now have contractors because of course I don't have that. Okay.
I need some form of validation that you all a legit user, and this is typically redirected to some manager, and this is a narrative around importing contractor. B2B is adding one more thing. It's not just about onboarding external people, but it's about onboarding an external organization which include people. So it's a nested problem. There is one more ingredient to be onboarded. There is an onboard, an organization onboarding, and then people belonging to this organization need to be onboarded again.
And,
And there are two other elements, especially when we look at today's requirements around supply chain security. It's sometimes not only the next tier we look at, it might be even more than the tier.
We, we need to understand, we need to have a look at. And the other element is the way we handle externals is much more diverse than we handle workforce. So you have a departmental manager and the department manager, mental manager basically cares for the people in his, her department for workforce. That might be a project manager, that might be the departmental manager of the, the area where the project is in that might be really different persons which are involved in this process. So also these processes look different and they are more complex.
And I think this is a, this is really a very important thing to understand that we, at the end of the day, I, I'd dare to say that B two P identity management is significantly more complex than consumer identity management than, than the workforce identity management because it's much more heterogeneous, much more diverse in the, the way it looks like.
And there are all these things coming together. You said registration and, and onboarding of the people.
I think the, what started a bit earlier where, where we said we have more people who, who really are external, which may not touch the organization at all. So remote onboarding, this is right now a reality for everyone.
So it, that changed a bit, but I, I know these organizations which say, okay, we have an organization onboarding, which is DocuSign and a lot of other things filling all the forms, and then we have the people onboarding with remote identity verification and et cetera, et cetera. It, it is complex and it's usually not only one single use case. You have
No, indeed it is a proliferation, different needs depending on the nature of the B2B relationship or depending on the specific company.
So that, that's in the, I agree. So B2B is probably the I B2B, scenario B2B is not a solution name. It's a scenario is a, is a circumstance, is a, is a field
Scenarios probably scenario plural,
Probably plural, being Italian, we don't have that. So that's why I fall short.
Okay, thanks for that. So the thing is that indeed you might well have that, you say you are an insurance company, you have brokers, a broker is an external entity and broker keeps coming and going. So you add that with that broker, they have an IDP, you want to integrate them, federating them in the other broker is a very small shop. They have no such of thing, and you want to onboard them directly the old fashioned way with a, with an onboarding process, with some form of identity validation.
Those are brokers that need to be given access to some application that the central organization, the insurance company in this example is delivering, but they're very different onboarding process associated. Okay. But it's the same solution hopefully that is managing that diversity and is allowing for that value
At the, at the end, they all access the same systems. And I think this is where, where things come together, they all access the same systems and they access the same systems as your work workforce does, which means we, we, we need to get it.
And we have, you already touched on a bit implicitly the volatility. So, so if for the workforce, it means you come in and you have an relatively long average stay at an organization as an external depending on the type, but the average is in any case, even for a contractor, significantly shorter. And also one thing to not underestimate is I think you can afford to have a bit of a bumpy process to onboard an employee.
Not ideal, but you know, I, I remember queuing and, and spending hours for being onboarded and then someone pays me and basically pays me for three or four hours of B2B onboarding process, which really just doesn't make sense. So, so I, I could argue, okay, it doesn't matter.
I, I get the money money anyway, but I don't feel, well, I don't feel really well with that. And I also feel it's a total waste of my time. So we also need to be really good in this processes because it's about money.
Yeah, absolutely. And it can even get worse than that. We assist a lot of the time to customers. We assist that we're having a B2B conversation because to speed up the onboarding process of, again, back to my example and not one more broker in a remote broker agency somewhere, you know what it takes forever. We just reuse my account. Yeah. And we are back to square one in the share account thing, which is of course a nasty, a nasty practice.
Yeah. But right now I think we, we talked, and I think it's very clear, we have a challenge here, which is bigger.
And that's good thing is, you know, I I'm the analyst, I I need you to analyze the challenge and then later on rate whether the solution you propose proposes the right one. But I I'm right now curious, so you're the vendor how to solve it. Yeah.
So how to solve that. This domain, as I said, bubbled up from real life experience listening to what the customer demand was evolving. Like this is not always the case. We have other case in identity where you have first the idea that precede the demand. DID is a good example.
Decentralized identity is coming by design and is then later becoming a field demand B2B came from the other side. Okay? So it was finding us unprepared, oh, sorry, closer to the mic. So what was the reaction as a vendor to that?
Well, I now know what is missing. So if you can do siam, you do already what is required from the onboarding flexibility for the validation for the authentication. If you have an orchestration solution, you can handle the diversity broker A versus broker B, which is also required. But there is one more thing, and the one more thing is that now we need to delegate access to leave somebody in that broker to be the one onboarding by himself, other people belonging to his own organization and managing them and managing the jaw removal lever process equivalent.
This is not what you usually find in any SIAM solution unless you build on purpose such a thing. Okay? And this is closer what we call delegation management. There is a proximity. What you could also define as light identity governance kind of capabilities about managing users for a business user persona, not for a technical admin, but again, in my analogy from a broker manager in a broker company, which is not supposed to be technical and need to be managed who does what in his own small organization.
That means that the way we express ourself is B2B is indeed the highest peak of complexity.
If you can do B2B, you can do SIAM two. It doesn't work the other way around. If you have a SIAM solution, you might be well missing a few more capability required to do a good job in the B2B space. Okay? Now that being said, there is a problem in this entire conversation, which is what we now call B2B is our definition, our language, but there's not yet a unified nomenclature okay for that.
So we, we, we still look at, I call that the lost in translation effect. So I still see in A-I-R-F-P, oh, we need a partner management solution, we need a partner guest account solution, we need the delegated external user onboarding. There is a rainbow of different definitions, which all come down into something that fits the description I just gave. Okay. It's only very recently that we start to see a bit of more convergence in terms of way to, to call the space. But I think we're not yet there in terms of mainstream
Adoption.
And, and, and I think a very important starting point for everyone looking at this is sort out the use cases. Look at which variants do you have, what is what you have, what, and then you, you, you may build a bit of a metrics where you say, okay, is this something where I need delegation? Do I need remote identity verification? What is the granularity of access? Et cetera. So you can probably then look at how, how, which of these are pretty similar then and which are really very different from other use cases.
So, but I think the first thing is really starting to look at what other variants, and then it can be relatively simple because you say basically it's, I have really the contractors and I have the people that come in for a project for a while, and that's almost it. And then you, then there are other areas.
So, so who of use from the pharmaceutical industry?
Okay, a few. When I look at the pharmaceutical industry, then you have an endless range almost of use cases because you have things like researchers from the universities, you have external specialists that come in for developing a certain type of, of, of medication or doing just parts in that, because they're the super data and modeling experts for certain things. You have your partnerships with other companies.
You have, you have so, so many different use cases at the end of the day when you look at, so pharma I think is a wonderful example of an incredible complexity of B2B identity management because it's really so many different variants and very complex Orion also from an access perspective, from the sensitivity of data, et cetera, that that is extremely difficult to solve. And again, the best point is really to look at what do I have and, and what do I have maybe also already solved in some way? Did I solve good?
Are there sort of residual challenges account of all these things are needed to be done? Are you saying we have a question or are you saying it's time to stop
Saying, it's time for you to stop just for a second, because we do have a great question from her.
I I, I don't know if I pronounce that right, but if there are only two IAM systems in the enterprise, one for enterprise IM and one for CIAM and no option to buy another one, should B2B identities be managed by the IAM for workforce or by the CIM? What are the advantages, disadvantages to deciding for or be? Sounds like someone wants a little bit of a mini advisory there, but should I?
Yeah,
Yeah, sure. Well that great question because that's indeed the part of the adoption pattern that we assist, we get that question a lot.
Oh, I already invested in an IGA solution, we are running this or that. So we are good to go. Aren is meaning where we can use that for, for tackling the B2B case.
No, you are not, you're completely missing a bunch of things, including the full onboarding, the consent, the terms and condition acceptance, which is usually part of course of a proper onboarding in a B2B scenario and the flexibility that I represents before in that company should follow onboarding different from that other, right, or the other way around. Well, I already have an access management solution, so I'm good to go.
Em, I I'm not No, you're not either because you don't have the delegation management piece. So if you already run these two components and the governance one feature a good level of usability, which is not necessarily often the case, you could consider an integration in between the two and you don't need another vendor, another solution. Okay.
I think I learned once a panel, a good panel lives from a bit of dis disagreement or from different perspectives. Let's phrase a bit bit, bit differently.
So, so what I would do is, so a couple of years ago we've, we've come up with what we call identity fabric. And some of you may have also got this cleaning tower for your glasses with the identity fabric on and our booth. So the identity fabric is basically give a paradigm to look at what, what is my holistic perspective on identity management, what I would do? And that at the end not necessarily is different from what you said, I would look at capabilities first. So which capabilities do I need? Do I have them in one of these solutions?
And probably it's then that you have to split across solutions if you have more than one. And is it a reasonable approach to then build on the capabilities that you have in more than one of these solutions in an an integrators?
Or at the end of the day, is it better to look for something which is highly specialized? Because this is really a decision you can make in a very, very structured and, and well thought out manner. But you may have all you need or not.
I think the, the more, and again, the more complex and the more regulated use cases are, the more sensitive use cases are, the more you may end up in things like, I need to integrate this also with qualified electronic signatures for signing or lesser qualified electronic signatures for signing and identity verification at a whichever level and things like that. But I think you, I really would start with again, looking at which use case do you have? What do you need for them? And based on these capabilities, track what you have, what not, and what is the best way then to approach it.
Okay.
We have another great question. This is about insurance broker onboarding.
So again, it's a scenario, imagine yourself being an insurance broker company selling policies of 10 different insurance carriers. How could I avoid going through 10 different onboarding processes for each of my employees?
Well, I don't believe there's a solution yet for that because that requires a unified approach across the industry. And this is not yet anything happening in terms of demand from the insurance.
I mean, that requires coordination.
Not always.
So, so I think we, we had probably almost 10 years ago, we, we had an application for the European Identity Award from Switzerland where they built something like that for really industry driven from an industry consortium for a wide range of insurance companies and insurance brokers. But you're fully right, it was an industry effort. If you're the the single insurance broker, then you most likely will end up exactly in the situation that you need to have a a, a range of onboarding process to do. I don't see really a simple solution of that.
No.
We, we again, eventually will be probably coming to these days is not yet there to these days we have that there is a sort of just like in Siam, right? Your digital reputation and the consumer is defined by the quality of the, of the experience that you deliver. If you do a good job, you score for yourself in our, and a better credibility, a better reputation.
You,
You, you need to answer the microphone a little, a little bit. Like in one of these entertainment parks where you have the microphone very, very close to your mouth.
Apologies for that. I'm more used to the other thing and this is yeah, thanks for reminding me on, on being closer. Martin
Doesn't usually need a microphone
Either, so I'm loud enough usually for, yeah. And so your reputation is for, on consumers is heavily depending on the quality of the, of the, of the experience you deliver.
To some extent this is also expanding into the go-to market intermediaries, meaning the broker in this case. So of course you're gonna get something similar. You are a topnotch, high-tech company also because you allow a small journey in working with us rather than with others. Okay.
Okay. Do we have any questions in the audience for the panel? Must be one. Did I dunno if these questions may have come from the audience. I dunno how they get there.
Yeah, we don't see if someone in the audience uses the app, we don't see it. Yeah. But
Okay, well I've broken the entire flow now. Yes. I was hoping there would be a question that there isn't, so I'm sure you can pick it up again.
Yeah,
Yeah. I, I I think, I think one topic we, we may touch is, is really how this may, may change over time. So I think we are currently definitely in a world where we, we need to, to look at the solution. So can we handle it with what we have? Do we need something in addition?
This is, I think the point is our whatever cm powerful enough towards the workforce to do it. Can we add something around registration? I think we have a, we have an opportunity.
We talked a lot about digitalized identity and you already touched it to do that simpler in, in the future because, and I, I think I had this sample also up in some of my talks or even the la last two years when I have all the credentials that say, okay, it's Martin, Martin is a c called analyst, and then he's at this company in a project, in this role then I have all I need to authorize and then I can probably do a lot of things much better based on, on pre pre-ver verification. But for now I think it, it is a daunting task and do it structured. But we have a question over here.
Yeah.
I can give you one topic to maybe elaborate on it about this corporate identity. So in one practical thing that's also in could be in many industries, but insurance in particular is how to establish this like a trusted communication channel between B2B. So not just about onboarding, but we often need to deliver something to the business where you are absolutely right. There are people behind also. So the problem seems to be so far unsolvable, like on a high level of trust, let's say.
Yeah, maybe some like a little bit lower level of trust would be also sufficient in many cases. But maybe can you elaborate on that?
Yeah,
So, so, so I think one thing we also must not follow, leave out fully is there are a couple of sort of very industry specific collaboration platforms which serve parts of that challenge. Not everything of it because they're mostly more focused on exchange or on on on offers and all these process. But there are, especially for the highly regulated industry such as life sciences and military defense, there are also some very specialized platforms, but it doesn't really fully solve it. Maybe Mark you have a bit more to add. I think we have one minute left or so.
Yeah, yeah. Well very, very concise indeed. Good point. There is an authorization problem that follows apart from the onboarding the, and trusting that you are you and you belong to the right company, then what are you allowed to do? Okay. There's an authorization follow on usually phase three part of this conversation, which is around contextual authorization injection in existing applications of what you can do because of where you belong to. Okay? But now we're entering the domain of the business application that we have been protecting with what we have been discussing so far.
That's why is a second is a step two conversation. That's why also involve typically other constituents within, in this case, the insurance company around how to revisit the authorization infrastructure and maybe centralize and harmonize the way he's injected on force in bespoken or custom built in our commercial of the shelf one.
Okay. I think we'll wrap this one up big hand for Martin and Marco. Thank you.
