So thanks for the introduction and good morning to you all and warm welcome, happy that you all joined today morning after yesterday's river cruise.
Some of you might already know cidaas since we joined the EIC several years now as a sponsor. And some of you also might know me since I joined, as mentioned several times on the stage with a keynote or in panels within the last years. For those of you who don't know us, a short introduction to cidaas, to me and to our service portfolio. We are a European cloud identity and access management provider located in Germany and we are a family-owned business.
So both of my sisters joined the company. So you can imagine my life was not easy up to now: they did not only torture me during my youth, but now also during the job. To our service portfolio: what do we offer? We in particular have three different service offerings, which is first the customer identity access management, which we started with in 2015, 2016. So the first solution we provided, we currently manage more than 600 million user identities with cidaas for more than 250 customers. And we offer a feature-complete solution.
So from authentication, registration processes to user self-services, progressive profiling, consent management, so all the capabilities you need to build up modern customer identity and access management use cases.
As a logical next step, we then expanded to the workforce identity and access management. So we added capabilities like identity lifecycle, so to tackle joiner, mover, leaver concepts as well as provisioning services and much more to meet the requirements of modern workforce identity and access management use cases.
And last we have the ID validator.
The ID validator is an auto-ident solution to do ID verification. So we use artificial intelligence and machine learning algorithms to verify the user identity based on ID documents like ID cards, passports, driver licenses. There's a variety of different use cases where we apply that, for example, regulatory use cases like opening of a bank account or signature of a loan contract. But also there are less regulated use cases like age verification in the context of selling alcohol or streaming services for the age check for movies, the same for driver license check in a car rental service.
So the ID validator is the perfect extension to the cidaas platform in the customer identity and access management use case, but also in the use case of workforce identity and access management because we quite often see the onboarding of remote employees, remote suppliers, partners joining any company. So we really have an integrated user journey both in customer and workforce identity and access management.
And while identity and access management is a broad field with many features, what we have seen also from authentication, consent management, ID verification, in the end we today, or I, want to focus with you jointly on the user management, in particular in the customer identity and access management. So focusing on B2B and B2C use cases.
In particular, we want to take a look at the differences and similarities, what we need to consider in that user management. So when we think about user management today, we think about the registration process.
For example, we all know that might differ already between B2B and B2C, so in B2C I might sign up with my personal details and in a B2B use case I might add further details. For example, company name, company address and more. But what we disregard in particular in these use cases is that we do not only have one user but multiple users in the B2B use case already. And we then also think about basic services like user profile, user self-services. So users might change their personal details, they might change the address data.
They might also accept or revoke consents, but always focus on individual users. And we have basic services like progressive profiling when we enrich the user data step by step.
But as mentioned, we really disregard that there is not only one user but there are more complex use cases. To dive into more depth than that, let's have a look at the users in the context of a B2B scenario. Obviously it's all clear to us that there's not one individual user, but there's a group of users and we also get to know that users are acting in a certain role within that group.
So not all of the users have the same authorization or permissions. So not all of them are managing directors or administrators, but they have different roles in the context of the group and also have different capabilities and permissions there. If we extend that also to the B2C use case, it's the same.
Also there we do not have single individual users, but we have a group of friends, we have a family, so we have completely different scenarios be it in the loyalty program where a household jointly uses the loyalty program or be it a streaming service provider, which we all know we have this account sharing and that extends to any use case. So if we have insurance policies that also might apply to the complete family, I might visit a sports event jointly with a group of friends.
So there are really different use cases where there is not only one user but the group is the bracket for a group of users.
And we also need to think about the flexibility between the groups. So while I visit a sports event with a group of friends this weekend, next weekend I might visit a sports event with my family. So I might be a member of different groups. And we already have good examples in the real world where such family and friends scenarios are managed in the identity and access management.
For example, Apple Family or Spotify Family where parents are able to manage the permissions as well as the family group. So invite, remove children to the group and just have a self-managed way of organizing that.
And if you take that one step further in that aspect, we also now have the capabilities that parents can manage their children out of the identity perspective. For example, the streaming service use case, parents have the option to allow or define the time the children are allowed to watch a movie. We can build up the context of the group.
So if I'm getting married, I can add my wife to the group, I can add children if they grew up to the group. So I really can manage the users in a self-organized way and can also achieve all the capabilities, reduce the administrative effort on the one side and also the user experience on the other side.
So what does that now mean for the customer identity access management solution? A customer identity access management needs to provide delegated user administration capabilities.
So that means the group administrator, be it the supervisor in the company use case or be it the parents managing their children, needs to have the option to manage the users. So removing them if an employee leaves the company, but also inviting, adding users to the group if the children grew up or if a new employee joins the group. And that's also what we built into cidaas, into our group management. We have the delegated user administration capabilities as a basic functionality of our group management. And even more, we provide more flexibility also by adding group types.
So I can define a group type family, I can define a group type friends, I can define a group type partner, define a group type customer. That gives me even more insights into the different use cases and helps me to differentiate the different groups and I can derive authorization information out of that. So I know the group type, I know the group and I might know the role of the user within the group.
And that basically leads us to a discussion we normally have in the workforce identity and access management. How do I build up authorization?
So I do now have more extensively also a fine-grained authorization management in my customer identity and access management because I need to raise questions like who's authorized to order in the online shop or who might not only be allowed to view invoices, view orders. So that might be an interesting use case in B2B as well as in B2C scenarios. The same is true for insurance policies. So who is allowed to see their insurance policy, who's allowed to maybe upgrade it? And the same is true for bank accounts. So who is allowed to do the bank transaction, who is only allowed to see transactions?
Are there certain limits? And finally who's allowed to manage the group? So who's allowed to add users to the group, remove them and manage the permissions of the users. So if we compare it to the workforce identity access management use cases, we also need to think about approvals. So if I add someone to a group, assign them permissions, I also need to think about how the permissions of the users are managed and if users can re-request certain authorizations.
To give that a more clear view, I took the family business as an example. My dad signed up for a company account with an online shop.
He obviously has all the permissions, I just have the permission to view orders, view invoices, add to the wishlist. If I now want to order something, I might request the permission for that, the authorization for that, and my dad is there to approve that or he might also reject it because he likes my sister more than me, so tomorrow I'm not allowed to order anymore. But she is.
And that can be even extended. So we can also think about cross company approval flows. So multi-stage approval flows that might be interesting in restricted goods or services.
So if you take the example of medical products or the medical product regulations in the European Union, the medical product companies or the suppliers need to verify that they only sell to certified and verified users within the world. So if a B2B customer, for example, a doctor, is signing up and an employee of the doctor wants to order something, the employee might request the permission to order; the supervisor, the doctor, administrator of the doctor office, might approve that.
But still the supplier in the second step wants to give the final approval to allow this user, based on reviewing the certification of this user, to order certain products to verify just the regulatory use cases. And that might be even outside of the group.
We might have certain authorizations, for example the age verification; there, for example, the ID validator comes into game when we can verify the age of certain users and check if they are allowed to have the permission to view certain movies, or I check the driver license and verify if a certain user is allowed to drive certain vehicles.
If we now think about the use case and capabilities, what we already discussed, delegated user administration as well as also the authorization that use case, we finally also end up asking the question about the visibility.
So that's some final thoughts on the visibility. While we always consider individual users, we always think, okay, the visibility between the users, so if users should see each other, is not arising. But if we talk about groups, obviously that's arising. So do I have separate user accounts who don't see each other or do I go more into depth? And in the context of the B2B group cidaas, which I might be the group administrator, I might be managing a group.
So the visibility within the group, it might be obviously interesting if I have the capabilities to see the users of my group because I need to manage them, remove them and maybe invite new users.
But it gets more interesting if I consider the visibility outside of the group. So if I think about the visibility outside of the group, I want to maybe add users to the group which are already present in the system.
So it might be interesting for me to add new users to a group and then I need to maybe search for them in the identity ecosystem and if I remove them they might be still within the identity ecosystem. So I need to define flows and processes. What happens if a user joins a group or gets removed from a group? And about the visibility: so which user is allowed to view which other users? I need to also think about if users within a group should see each other because I maybe want to have collaboration use cases. That's also what we have with cidaas.
So with cidaas we also have the collaboration in the customer XI management. So our customers are defined as a group. They can invite new users, new employees to their group to manage their cidaas instance. But we also have partners. So our partners support our customers in integrating cidaas, configuring cidaas, managing cidaas. So basically our customers invite the users of the partner to their group to allow them to manage the cidaas instance. So in that use case, I really have the collaboration between different use cases and between different user groups.
And thereby it might be interesting because the partner users might be already present in the system because they do not only support one customer, but they might be in 5, 10, 20 different customer groups because they support multiple customers. So in that use case, I also need to think about the visibility to enable collaboration much more easily.
And if I take the same for the medical product technology company, it might happen the same way.
So a supplier which is providing the customer identity access management solution might also enable the customers, which might be a doctor office, to join certain groups and also partners who are supporting them in that use case.
I might also think about temporary users, which might be in that use case patients which just join to have a joint look at the medical case of this one patient where the supplier, the doctor and other partners jointly work on the case of the patient and the patient is just able to see, get visibility, what is happening on his medical data and also what they made for a medication plan there.
So to sum that up, what does a modern customer identity and access management need to provide in particular to manage groups?
Obviously a group management needs to be there, so I do not only need to consider individual users, but users in the context of a group. Also the authorization needs to be considered there. So users might need to take roles within the context of a group. I need the capability for delegated user administration so that groups can really manage themselves.
So adding, removing users, assigning permissions there. And I also need to think about the visibility in that use case. So we provide with cidaas the flexibility that you can have the delegated user administration, you have the fine-grained authorization, but you can also manage the visibility. So you can say no, no users should see anything, or you can completely go to the open thing like in a social network that one user has the preview of already other existing users if I search by email or something like that.
And that's a decision which needs to be decided within the business use case and within the requirements. That's the end of a short outlook for the user management. I hope I could give you some insights. If you have questions you're obviously happy to ask them now or also join our booth downstairs. We are happy to have a discussion with you on the group management B2B or B2C use case and happy to see you later or during the day and enjoy the rest of the day.
Thanks Patrick. Always great to have you. We have one quick question. What's the number one challenge you face at cidaas?
I think there we have two challenges. So technically obviously we have completely different use cases with our customers. So I mentioned insurance policies, I mentioned medical product companies and I have, we have streaming service and all that. So they have always different processes focusing on the user experience. But I think the biggest challenge is the visibility of the company itself still. So some of you might know us already, some don't. So I think the brand awareness is one of the big things we are tackling.
So we are now the leading European provider in customer identity access management with more than 600 million user identities, but still there's more brand awareness to go and to come. So we need to work on that I think.
Great. Thanks Cedric, be one.
Thanks.