How to better manage customer identities to support an engaging ecommerce user experience
Vikas Saini
Principal Architect, Google Cloud
Rohit Mishra
Customer Engineer, Application Modernization
One of the fundamental questions that retailers constantly ask themselves is how well they know their customers and how they can build deeper relationships. Knowing who their customers are can have a direct impact on improving customer engagement, which can lead to increased conversion rates, customer loyalty, lifetime value, and higher return on marketing spend.
Retailers have started to use innovative new methods like identity graphs, which connect information from multiple sources such as internal databases, marketing systems, online interactions and social media platforms. While these new methods have shown promise, the best and most effective approach remains customer self-identification through an authentication process.
As a result, retailers require a sophisticated user identity platform that protects customer information with proper authentication and authorization, one which incorporates advanced mechanisms like multi-factor authentication and intelligent account protection, to ensure customer information is protected throughout its lifecycle.
Google Cloud Identity Platform (GCIP) is a customer identity and access management (CIAM) solution that can enable retailers (and any other organization) to add identity and access management capabilities to online applications. GCIP is easy to administer and develop with, and is able to grow with an organization’s online user base.
With a customer identity and access management (CIAM) solution like GCIP, a retailer can quickly and easily implement powerful identity management and security capabilities such as:
Advanced authentication through email or SMS/text messaging.
Quicker onboarding with social logins from Google, Facebook and others.
Flexibility to support external identity providers through identity federation.
Support for multi-tenant B2B use cases with the ability to create unique silos of users and configurations.
Easy to use interfaces and libraries to help web/mobile application developers quickly integrate and launch.
Broad authentication protocol support, including SAML 2.0, OAuth/OIDC or simple email- and password-based authentication.
Built on Google Cloud’s planet-scale infrastructure to support a growing customer base.
How does it work?
GCIP allows end users to authenticate to web and mobile applications. For retailers, this could be their online shopping app for mobile devices or an ecommerce website accessible over the internet through a web browser.
Users can sign in with their email addresses and passwords, their phone numbers, or their social logins. If the organization uses an existing OpenID Connect (OIDC) provider, a Security Assertion Markup Language (SAML 2.0) provider or even a custom authentication system which issues signed tokens, Google Cloud Identity Platform can be used as the authentication orchestrator.
Using Google Cloud Identity Platform as the primary authentication system
GCIP can serve as the primary authentication system, meaning users are provisioned into GCIP. In this case, the end user identities are securely persisted in the “account store” database. The database is part of the fully managed GCIP service and needs no provisioning or scaling from the retailer as their end user base grows. A high-level architectural overview of what this flow may look like is shown below:
Using Google Cloud Identity Platform with social logins
Google Cloud Identity Platform can also be used with popular social logins such as Google, Facebook and others. This gives users a familiar option and eliminates the need to provision users in the GCIP identity store. Below is a high-level architecture diagram showing how GCIP integrates with the social login providers.
Customizing user flows
Many organizations want to be able to customize their login flows. Sometimes, an organization wants to make data related to new user creation and user logins (barring the passwords) available to other systems. These systems can include analytical systems, recommendations or promotions engines (such as sending welcome emails and promotions upon new sign-ups), security operations (for example, to run analysis on sign-in requests to help detect account takeover attempts), customer master data management systems, and customer data platforms. GCIP supports blocking functions and asynchronous functions to help customize the login flows and enable syndication of the login or sign-up activity related data to external systems.
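As an added illustration (not code from Google or from the original article), the sketch below shows the two steps a downstream consumer of this data typically needs: an allow-list copy that keeps credentials out of the syndicated record, and a simple sliding-window check that flags accounts with sign-ins from several distinct IP addresses in a short period. The field names, thresholds and sample events are assumptions made for the example and are not the GCIP event schema.

```javascript
// Added example. Field names are assumptions, not the GCIP event schema.
const ALLOWED_FIELDS = ['uid', 'email', 'eventType', 'ipAddress', 'userAgent', 'timestamp'];

// Allow-list copy: any field not named here (password, hashes, tokens) is dropped.
function toSyndicatedEvent(raw) {
  const out = {};
  for (const k of ALLOWED_FIELDS) if (raw[k] !== undefined) out[k] = raw[k];
  return out;
}

// Flag accounts with sign-ins from >= minIps distinct IPs inside any windowMs span.
function flagSuspiciousAccounts(events, windowMs = 600000, minIps = 3) {
  const byUser = new Map();
  for (const e of events) {
    if (e.eventType !== 'signIn') continue; // sign-ups are not scored here
    if (!byUser.has(e.uid)) byUser.set(e.uid, []);
    byUser.get(e.uid).push(e);
  }
  const flagged = [];
  for (const [uid, list] of byUser) {
    list.sort((a, b) => a.timestamp - b.timestamp);
    let start = 0;
    for (let end = 0; end < list.length; end++) {
      while (list[end].timestamp - list[start].timestamp > windowMs) start++;
      const ips = new Set(list.slice(start, end + 1).map((e) => e.ipAddress));
      if (ips.size >= minIps) { flagged.push(uid); break; }
    }
  }
  return flagged;
}

// Constructed sample events (documentation IP ranges, made-up accounts).
const MIN = 60000;
const SAMPLE = [
  { uid: 'u1', email: 'a@example.com', eventType: 'signIn', ipAddress: '192.0.2.10', userAgent: 'UA-1', timestamp: 0, password: 'not-forwarded' },
  { uid: 'u1', email: 'a@example.com', eventType: 'signIn', ipAddress: '198.51.100.7', userAgent: 'UA-2', timestamp: 2 * MIN },
  { uid: 'u1', email: 'a@example.com', eventType: 'signIn', ipAddress: '203.0.113.9', userAgent: 'UA-3', timestamp: 5 * MIN },
  { uid: 'u2', email: 'b@example.com', eventType: 'signIn', ipAddress: '192.0.2.20', userAgent: 'UA-1', timestamp: 0 },
  { uid: 'u2', email: 'b@example.com', eventType: 'signIn', ipAddress: '198.51.100.8', userAgent: 'UA-1', timestamp: 60 * MIN },
  { uid: 'u2', email: 'b@example.com', eventType: 'signIn', ipAddress: '203.0.113.5', userAgent: 'UA-1', timestamp: 120 * MIN },
  { uid: 'u3', email: 'c@example.com', eventType: 'signUp', ipAddress: '192.0.2.30', userAgent: 'UA-4', timestamp: MIN },
];

const outbound = SAMPLE.map(toSyndicatedEvent);
console.log(flagSuspiciousAccounts(outbound));
```

The window and IP thresholds are starting points to tune against real traffic; shared networks and mobile carriers legitimately produce several IPs per user.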
Next steps
Google Cloud Identity Platform can provide a robust, scalable, secure-by-design mechanism for managing and authenticating users to online apps. To learn more about GCIP and how it can benefit your organization, please check out the documentation.