For businesses delivering digital services, poor customer account setup and login experiences can hurt brand affinity and, ultimately, company growth. When customers find it difficult to establish and manage their online accounts, the results are often higher customer attrition numbers and higher operational costs through help-desk requests. The importance of providing easy account creation and login experiences can’t be overestimated when it comes to business growth strategies.

In many identity and access management cases, account access is controlled by defining permissions for different roles. However, protecting access to data and systems requires more than outdated mechanisms like login username and password verification with role-based access control (RBAC). Smooth customer login experiences are rooted in well-orchestrated customer journeys that anticipate and enable customers to accomplish what they want to do. Plus, securing access to the right information and digital services often involves risk considerations across various use cases.

What’s more, developers are often tasked with quickly and efficiently building the customer experience and security capabilities organizations require to keep pace in competitive markets.

Organizations need more modern authentication development capabilities that provide flexibility and agility beyond the time- and resource-consuming methods of manually coding authentication into each application.

A Modular Approach to Authentication Development

One way organizations can introduce more agility into their development processes is by leveraging OAuth and OpenID Connect standards to use a toolbox of plug-and-play authentication capabilities provided by the identity system.

Some identity and access management solutions offer actions in the form of reusable blocks of code that perform a specific authentication task or group of tasks. These authentication actions can be used in a modular way to dynamically enhance authentication workflows without needing to redeploy applications. Actions can also change the application’s API permissions dynamically.

Authentication actions can be used as effective tools for addressing the complex access scenarios organizations must manage and secure. They can be added to workflows to implement convenience and security measures after users have successfully proven their identity during the login process.

Once a user has proven their identity through one or more authentication methods, such as a password, passkey, biometric authentication or a combination of methods with multifactor authentication, the next step the user takes can be customized by using actions. The user journey can be orchestrated in ways that improve security while also ensuring customers can easily and successfully use apps and digital services.

Simplify Development for Complex Use Cases

One of the strongest advantages to this modular approach of building and customizing authentication capabilities and customer experiences is that tasks and functions are broken into small units that can be easily combined or separated to apply tailored behaviors to authentication workflows.

Actions can be set up to depend on each other and executed in a configured order so they can be chained together to efficiently and automatically perform complicated workflows. Authentication actions can be thought of as building blocks that can be bundled together to create further efficiencies and to ensure security protocols are implemented uniformly across varying apps, APIs and digital services.

This approach eliminates unnecessary duplication of effort and significantly reduces the amount of code developers need to write. The result is more precise control over user journeys and stronger protections against cyberthreats while also reducing development time and resources. New digital features, products and services can be launched quickly with more confidence in their stability and security.

Unlocking the Potential of Authentication Actions

When using authentication actions, first take some time to fully map out the customer journey you want to achieve, and most importantly, all of the possible variations of this journey. Think of your authentication requirements as a flowchart that you control. Start by mapping out your requirements for different users and how you want them to sign up and authenticate.

Understand the trade-off between security and user experience. Consider using actions to enable a frictionless initial login with a simple authentication method. You can use step-up authentication as a technique that increases the level of assurance when the user needs to perform higher-privilege operations.

You can also use actions to implement dynamic behavior per user. For instance, you can use an action that captures an identifier like an email to identify the user. Then you can use another action to look up the user’s preferred authentication method or methods to give each user a personalized experience.

Authentication actions can also be used to strengthen security. You can change authentication dynamically to combat active threats. When under attack or to protect against access at unexpected times or from unexpected locations, preprogrammed actions enable you to change authentication requirements in the identity system that can be rolled out immediately.

Supporting Migration to Passwordless Login

One possible scenario in which authentication actions can be useful is enabling users to seamlessly change their login method without inadvertently creating a duplicate account. As more organizations consider the advantages of passwordless login, like faster login and fewer help-desk calls for lost passwords, authentication actions could be a powerful tool to facilitate a shift away from passwords.

Actions can be used to prompt users to change their login method to a passwordless method, like passkeys, without creating negative or confusing customer experiences. Actions also avoid the need to migrate all users at the same time by allowing customers to migrate individually when it is convenient for them. Plus, users can migrate by following a few automated prompts without needing the help of a customer service representative.

For example, in the migration to passwordless login use case, there are multiple potential scenarios. A new user creates an account and logs in for the first time and is prompted to set up a passwordless method, or an existing user logs in with an old method and must be prompted to set up a new passwordless method. In another scenario, the existing user logs in with their new passwordless method.

Authentication Action Types

In addition to the password migration scenarios, developers must also consider other possible login factors and circumstances, especially those that could affect security and regulatory compliance. For instance, a user may log in from a new location or during unusual business hours. A user may also log in from a region that must comply with certain regulations.

Each of these use cases will require a different combination of authentication actions to create the appropriate user journey and ensure the right security parameters are in place. Some examples of useful actions that could support these situations include:

• Account linking: An action can be used to avoid creating a duplicate account when a user changes or establishes a new login method. It can tie user identity data together to maintain data integrity and deliver a consistent identity to APIs via access tokens. Account linking can help link identity attributes across all login methods.
• Lookup account: The user’s account details can be retrieved from an underlying data source. This action could help prevent duplicate accounts and help ensure the user’s full record is available throughout the user journey, especially those that involve multiple data sources or applications.
• Switch workflow: An action can be used to create workflows based on different conditions and control when a different workflow should be triggered and executed.
• Update account: When certain conditions are met, the user’s account can be updated with new values or attributes. This action could be useful for establishing new login methods and ensuring the user will be prompted to use their new method for all future sessions.
• Multifactor condition: If the context of the user’s login meets certain criteria, particularly those that could indicate an illegitimate login attempt, additional authentication methods can be required for an additional layer of security.
• Impossible Journey: This is another security feature that can be triggered when the user’s login actions span a large distance in an impossibly short amount of time. These circumstances could indicate an account interception or takeover attempt. Additional authentication methods or blocking certain user tasks can help protect the account.
• Script action: A script action is one of the most powerful actions. It should enable you to apply your own logic when you manipulate authentication attributes. This can even include calling your APIs.

A Powerful Tool for User Journey Orchestration

Implementing the agility you need at a business level requires an authentication toolbox that meets your requirements. Choosing an identity solution that includes rich support for actions will provide you with the flexibility and control to create highly customized user journeys and implement strong security while also easing developer team workloads. Whether you are building your own authentication actions or deploying a tool that provides them, using actions is a valuable way to scale operations as well as digital service capabilities.

Michal Trojanowski is a product marketing engineer at Curity. He is a developer with more than 10 years of experience working with web technologies. Working on different projects allowed him to learn different languages and observe different approaches on design…

Read more from Michal Trojanowski

Gary Archer is a product marketing engineer at Curity. For 20 years, he has worked as a lead developer and solutions architect.

Read more from Gary Archer