Case study

How to support thousands of authentications and boost UX with a customized Multi-Access Identity Platform

Company size: 60,000+
Industry: Healthcare
Year: 2022
Technologies used: API Management, Azure AD, Azure AD B2C, Azure Front Door, Azure Functions, Azure Key Vault, Azure Monitor, Multi-Factor Authentication, OIDC, OpenFGA

When users differ widely in role and in computer skills, it is hard to control how, and to what information, each of them gets access. Organizations often end up with a dozen separate, costly authentication solutions, one per application. Besides the data-protection risk of that sprawl, it produces password fatigue and confusion for customers who want to use more than one service.

Luckily, it is possible to build one user-friendly and secure customer identity and access management solution (CIAM) to tackle the challenge.

Looking for a technology guardian to protect sensitive data

Our client supports thousands of patients, doctors, and employees in improving the quality of human life. Being a technology-driven entity, they use a range of digital applications to connect with them and provide secure access to medical records, laboratory test results, or operation details.

With the number of resources and active users in constant growth, the company looked for a way to strengthen the security of new and existing accounts and manage their access to sensitive data.

Addressing the user needs first with a convenient platform

The goal was to simplify how the company provides access to its digital resources and makes the services widely available to people with different computer literacy skills and roles inside and outside the organization.

And since those users tend to access not one but many different applications, the client needed a solution that would spare them from logging in separately to each system.

With that in mind, Multi-Access Identity Platform seemed like the way to go for several reasons:

  • It can support different types of users, such as doctors, employees, medical students, and patients.
  • Users sign in once, confirming their identity with a one-time password (OTP) delivered by SMS or email or with an authenticator app of their choice, and reach all applications instead of registering with separate credentials in each system.
  • The platform is highly customizable, so it is easy to maintain brand consistency and add other necessary features to improve the digital experience.

Having operated in the market for many decades, the company understood the needs of its users and how they navigate its apps. After diligently analyzing their behavior and feedback, the UX team created a design for the authentication portal that addressed the key patterns.

When the moment of putting the plan into action came, the company contacted Predica and asked us for support.


Bridging the gap between UX design and technology

Seeing that the proposed design did not consider all technological requirements and limitations, we joined forces with the client’s team to decide on the shape of the solution and how it would look.

In the design workshops, we distinguished four types of accounts and agreed on how each would access the platform, based on their prior digital behavior and needs:

  1. Local Accounts – customers and patients using their email and password to log in
  2. Federated Accounts – employees using internal corporate accounts to authenticate
  3. Partner Accounts – partners and customers using external corporate accounts to access the platform
  4. Social Accounts – customers and patients using social accounts for authentication

Because the applications process highly sensitive data, security had to come first. All users therefore go through multi-factor authentication (MFA), whether they sign in with a corporate account or a consumer one. The MFA step is enforced by the platform itself rather than delegated to the external identity provider, so it also applies to social accounts whose providers do not require MFA by default; access to medical records is protected by a second factor for every account type.

The second thing that applies to all the user types is the platform itself, where everyone who wants to access the applications does so via one gateway:

Different types of users accessing the platform

Apart from agreeing on the desired outcomes in the meetings, our teams validated the project idea by providing an in-depth overview of Azure technologies and how to use the cloud’s capabilities while optimizing spending.

Handling identities and managing access with an Azure AD platform

There were four types of users, a dozen web and mobile applications, and a lot of sensitive data to protect, so choosing the right management platform was fundamental.

For storing and managing the corporate accounts of employees, we chose Azure AD, a scalable and flexible workforce identity service. It strengthens security and compliance controls and integrates with a wide range of on-premises and cloud platforms and applications.

Azure Active Directory (source: Microsoft)

Alongside it we deployed Azure AD B2C, a separate consumer-identity directory that scales to millions of users and authentications per day. It became the central authentication point for the doctors and patients who use our client's services.

This cloud-based solution protects accounts against unauthorized access with measures such as the previously mentioned MFA.

Whether the user logs in with their email, corporate identity, or social media account, the level of security remains equally high, making the platform not only widely accessible but also reliable.

A login page example

Given that users accessed various applications, for example, to check their laboratory test results and then make an appointment with a doctor, we wanted to simplify and shorten that process.

In the past, they had to log into each service separately, which was time-consuming and inefficient. With single sign-on (SSO) in place, users provide their credentials once per session, and signing out of one application signs them out of the others as well (single sign-out).
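The application side of this design (each service trusting the single gateway over OIDC, and the MFA requirement living in the sign-in user flow rather than in each app) is shown below as an added example. It is not Predica's or the client's code. The tenant name, tenant ID, policy name, client ID and redirect URI are placeholders, and the ID-token payload at the end is constructed for the self-test. The block builds the authorization-code request with PKCE against an Azure AD B2C user flow, validates the redirect back, and performs the claim checks a relying party must do after it has verified the token signature against the policy's jwks_uri (published in the flow's .well-known/openid-configuration document); the signature check itself needs an RSA library and is not included.

```python
import base64
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders: assumed values for illustration, not the client's real ones.
TENANT = "contoso"                                   # {tenant}.b2clogin.com
TENANT_ID = "00000000-0000-0000-0000-000000000000"   # directory (tenant) GUID
POLICY = "B2C_1_signup_signin"                       # the MFA-enforcing user flow
CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # app registration in B2C
REDIRECT_URI = "https://portal.example.com/auth/callback"
AUTHORITY = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/{POLICY}"


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def start_login():
    """Build the authorize URL for the authorization-code flow with PKCE.
    Returns the URL and the per-login secrets (PKCE verifier, state, nonce),
    which the app keeps server-side and checks when B2C redirects back."""
    verifier = _b64url(secrets.token_bytes(32))
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    session = {"verifier": verifier,
               "state": secrets.token_urlsafe(32),
               "nonce": secrets.token_urlsafe(32)}
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": "openid offline_access",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{urlencode(params)}", session


def handle_callback(callback_url, session):
    """Validate the redirect from B2C and return the authorization code.
    The code is then posted to AUTHORITY/oauth2/v2.0/token together with
    session['verifier'] (the PKCE proof); that HTTP call is not made here."""
    query = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if "error" in query:
        raise ValueError("sign-in failed: " + query["error"])
    # state binds the callback to a login this app started (anti login-CSRF)
    if not secrets.compare_digest(query.get("state", ""), session["state"]):
        raise ValueError("state mismatch: callback does not belong to this session")
    return query["code"]


def validate_id_token_claims(claims, session, now=None, skew=60):
    """Claim checks every relying party must do AFTER verifying the RS256
    signature against the policy's jwks_uri. Returns the stable user id.
    All user flows of a B2C tenant (sign-in, password reset, profile edit)
    mint tokens under the same issuer and differ only in the policy claim
    ('tfp', or 'acr' on tenants configured that way). Checking it ties the
    session to the MFA-enforcing sign-in flow: a token minted by the
    password-reset flow has a valid signature and audience but must not
    open a session."""
    now = time.time() if now is None else now
    if claims.get("iss") != f"https://{TENANT}.b2clogin.com/{TENANT_ID}/v2.0/":
        raise ValueError("unexpected issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token was issued for a different application")
    policy = claims.get("tfp") or claims.get("acr") or ""
    if policy.lower() != POLICY.lower():
        raise ValueError(f"token comes from policy {policy!r}, not {POLICY}")
    if not secrets.compare_digest(claims.get("nonce") or "", session["nonce"]):
        raise ValueError("nonce mismatch: token was not issued for this login")
    if claims.get("exp", 0) + skew < now:
        raise ValueError("token expired")
    if claims.get("nbf", 0) - skew > now:
        raise ValueError("token not yet valid")
    if not claims.get("sub"):
        raise ValueError("token has no subject")
    return claims["sub"]


# Constructed sample: the payload of an ID token as B2C would mint it for a
# social-account sign-in through the flow above (signature omitted, values invented).
SAMPLE_SESSION = {"verifier": "unused-here", "state": "s-123", "nonce": "n-456"}
SAMPLE_CLAIMS = {
    "iss": f"https://{TENANT}.b2clogin.com/{TENANT_ID}/v2.0/",
    "aud": CLIENT_ID,
    "tfp": POLICY,
    "sub": "7c8d1d3e-0000-4000-8000-000000000abc",
    "nonce": "n-456",
    "idp": "facebook.com",   # social account; MFA was still enforced by the flow
    "iat": 1_700_000_000, "nbf": 1_700_000_000, "exp": 1_700_003_600,
}

if __name__ == "__main__":
    url, sess = start_login()
    print("redirect the browser to:", url)
    print("code:", handle_callback(f"{REDIRECT_URI}?code=abc&state={sess['state']}", sess))
    print("user:", validate_id_token_claims(SAMPLE_CLAIMS, SAMPLE_SESSION, now=1_700_000_100))
```

The policy check is the part most often forgotten: because every user flow in the tenant shares the issuer and signing keys, an app that validates only issuer, audience and signature will accept a token from any flow, including ones that never prompted for a second factor.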

And since self-service is central to CIAM, users can reset or change their password, update their profile data (including their email address), and choose their preferred MFA method on their own.

A sample password change page

Bearing in mind that users accessed web and mobile applications just as often, we included the same product features and security measures in both versions.

Additionally, the solution is easy to customize, so together with the UX team, we created a visually appealing and interactive authentication page with the company’s logo and brand elements across all services.

Finally, the platform is continuously maintained and monitored by Predica's Managed Service team, which uses Azure Monitor to detect service downtime or slow response times and react quickly.

Azure Monitor capabilities (source: Microsoft)

Building positive user experience in a secure environment

With all the digital services secured with Azure and available in one dedicated platform, the company’s customers, partners, and patients benefit from an easy and safe solution with self-service features, giving them unprecedented flexibility.

Users need not register separately to different services to check their medical records, see operation details, or book an appointment but instead create an account once and access all relevant information using a single access point.

As a result, the platform has significantly boosted the number of online interactions and it outperformed solutions typically associated with and offered by companies in the healthcare industry.

An example of additional data collection panel in Azure AD B2C

The current solution requires users to remember only one username and password instead of memorizing various combinations, so their overall experience has improved. Alternatively, they can log in via a social account, so there is no need to go through a registration process at all.

On top of that, medical information and personal data are protected with an additional protection layer – MFA. The platform lets users decide on how they want to verify their identity, be it by receiving an OTP code in an email or an SMS or using an authenticator. Thanks to that, the platform is secure and convenient.

It is also equipped with an automatic and straightforward sign-up, secure identification processes, and monitoring features so that access to private data is managed with care at all times.

As the company knows best how to interact with its customers, we cooperated heavily with the UX team to align the company design and include brand elements in the login panel and inside the services. Users can now see a visually attractive and memorable solution that contributes to company recognition.

What is more, the platform is available in multiple language versions, and all users are offered the same protection measures, services, and design. It is future-ready since additional features, country-specific policies, and language versions may be easily added as the business grows.

Along with its expansion, there will be more and more online interactions. The cloud-based service scales with demand rather than with infrastructure the company has to provision and operate, so growth in active accounts and authentications will not be a capacity issue.

To ensure the smooth running of the Multi-Access Identity Platform, it is consistently maintained by our Managed Service team who monitors the environments and takes immediate action when needed.

Finally, no matter how many users register and access the platform, the maintenance effort remains low thanks to self-service, allowing the dev and IT support teams to spend their most valuable time on other challenging projects.

Summary

What started as an idea for better identity and access management evolved into a project at a large scale, encompassing the lion’s share of the digital applications offered by the company.

With Predica’s help, the organization developed a stable and user-friendly network of interconnected digital services powered with the most comprehensive security features.

Having a reliable and scalable platform, they are already on their way to integrating other applications to the identity solution to better serve their clients and continue improving the healthcare environment.
