Close up of smiling woman's face behind screen

Case study

Providing secure and hassle-free membership experiences at the IET

Improving user experience and identification security was a priority for a professional institution with thousands of members across the globe.

With over 168,000 members, the Institute of Engineering and Technology (IET) is one of the world’s leading membership organisations. So, when it came to choosing a new platform for improving user experiences with single sign-on (SSO), multi-factor authentication (MFA) and user data security, it was no surprise they put their faith in Microsoft’s leading customer identity product – Azure AD B2C.

The IET worked with Kocho to consult and deploy Microsoft’s Azure AD B2C platform and integrate it seamlessly with their existing on-premises CRM system, website, and cloud applications. Kocho also worked with the IET to develop custom user flows, providing a simple and secure journey for their members to access privileged portal tools and information.

Results

A seamless single sign-on process for all users.
Provision of multi-factor authentication to give an instant security boost.
Implementation of custom user journeys, allowing privileged access.
Social media login options improved customer experiences and limited password fatigue.
A fully GDPR compliant platform via the B2C and Azure platform policies.
Peace of mind from cyber security tools built into the Azure platform.

We wanted to provide a system that would serve both our member needs and non-member needs while delivering a seamless customer experience.

Sara Killingworth

Head of Marketing, IET

The ultimate guide to external identity success

A 7-step plan to achieve seamless user access, the highest levels of security, and unrivalled user experiences.

A pressing need for an easy to use and secure customer portal

The IET was undertaking a large project looking at all aspects of CRM, user experience (UX), compliance, and security. One key pillar of this project revolved around refreshing their membership portal login, access, and authentication processes.

The unifying challenge for the IET in this area was to provide a more secure and easy to use customer portal for its members to access applications and data.

The IET make several useful web applications available to their members within their online portal. Ensuring new and existing users could gain access to these privileged apps and information was a challenge as the IET’s systems and processes were complex, including:

A requirement to grant access to multiple apps
Integrating multiple systems, including some legacy on-premises platforms, as part of the process for login, access, and authentication
Allowing users multiple sign-in methods in the interest of providing good customer service

The IET needed to provide at least two different user journeys for sign-up, with resulting access dependent on whether registration was being made by a qualified IET member (full access) or just a general user (limited access). So, they needed to invest in a customer portal that could provide the ability to tailor complex user journeys.

The IET also had no two-factor authentication in place, and they had concerns over mitigating the growing risk of cyber attacks from compromised passwords.

And lastly, in the interest of improving the customer experience for their members, the IET wanted to find a customer identity solution that would provide single sign-on functionality and the option for members to logon using a range of personal credentials (including user email and social media) to counter the risk of password fatigue and the annoying need to reset passwords.

“The decision to use social logins would help overcome remembering multiple usernames and passwords to access our web platforms, while the multi-factor authentication provided a much stronger level of security to protect accounts from the threat of attack.” – Sara Killingworth, Head of Marketing, IET

A secure portal with single sign-on and multi-factor authentication built with Azure AD B2C

When they began looking for a solution, the IET researched technologies that could handle customer identity and security. The IET decided to go with Microsoft Azure AD B2C because the solution sat on top of the Azure AD platform, a robust and proven system, that would provide the security, reliability, and scalability needed.

With the IET having over 168,000 members, it was very important to know that customer identities would be protected within the Azure AD B2C platform. The ability to add multi-factor authentication and built-in cyber security controls through the Azure Cloud was a key differentiator for them.

“One option for us was to develop our own security layer but that inevitably can prove costly and time-consuming. As Microsoft provide similar services for thousands of websites globally and see traffic from across the web, we were confident that this broad view would allow them to detect and block attacks far more effectively than a small site building its own countermeasures in isolation.” – David Smith, Head of Technology Solutions, IET

Upon consulting with Microsoft, the IET was referred to Kocho, as one of Microsoft’s Gold partners in the UK and a leading global provider of B2C consultancy and deployment services.

The engagement started with a two-day Azure AD B2C workshop; we then went on to deliver a detailed report and proof of concept covering the deployment and specific architecture requirements.

To provide single sign-on (SSO), multi-factor authentication (MFA), and front-end website sign-in options with social media accounts (social IdPs), the Azure AD B2C system needed to be deployed and fully integrated with the IET’s existing on-premises CRM system as well as their website and cloud applications. The B2C platform fully supported open standards (including OpenID Connect, SAML, OAuth 2.0.Net, iOS and Android) meaning they were able to integrate easily with the various technology stacks they had.

With these integrations in place, the B2C platform sat on the front end of the IET website, powering all login, registration and authentication journeys and querying these against the CRM through a live sync.

The next step was to build three custom user journeys specific to the IET’s membership access requirements:

Journey 1: Sign-in (member or non-member)

This journey required B2C enabled SSO, log in via social IdPs, and an MFA trigger for all members using email sign-in.

Journey 2: Online registration (member)

With this journey, a new IET member without an online account is now able to register online by just giving three known details about themselves (last name, membership number, and DOB) and B2C will sync and authenticate against known membership details in the IET’s on-premises CRM system. Users are then able to seamlessly access membership areas of the website.

Journey 3: Online registration (non-member)

With this journey, a user can register online as a non-member by filling out a more in-depth set of details that will populate the IET’s on-premises CRM system and, in turn, sync with B2C. Users are then able to seamlessly access non-membership areas of the website.

Security and ease of use create a better customer experience

Improving value for the membership base through better membership experiences was a critical part of the IETs broader CRM project. The deployment of Azure AD B2C was carried out quickly, and in a highly professional manner, by the Kocho team.

The IET’s website now has the functionality to provide the customer security and usability features all leading membership organisations strive for, including: