SharePoint is becoming more and more prominent both internally and externally. Since access is often a hybrid of internal and external users, SharePoint identity management is especially important to do right.
You have to make it easy for these users to access the correct SharePoint sites based on their role(s). An internal user needs certain access and an external user needs different access; it's like two sides to the same coin. For example, both need to access billing records but have different permissions on what they see.
Where things differ is the user experience. You manage internal users based on having Active Directory accounts and then grant access based on SharePoint, AD, or other groups and roles. External users have a whole different set of identity issues. You don't necessarily want them in Active Directory so you don't manage them with AD groups or even SharePoint groups...so how do you manage them?
Having an external directory that can manage SharePoint permissions and assign roles is essential. Our own product, EmpowerID, does that very well. Once you have the directory for this, there are three main user experience components you need to address:
- Registration
- Login and SSO
- Password Reset
Since they aren't internal users you may not have an authoritative source for these users. If you do, provision them from there. If you don't, you need a registration page that collects the relevant information and sends their details to the appropriate system or person for authorization. For example, anyone can have general access, but if they indicate they are a customer, have the registration page confirm with CRM or their account rep. Keeping these external users in a separate directory allows you to manage their access with the proper granular controls.
A user needs to be able to login easily. Accepting federated logins from Facebook or Google enhances the ease of your portal for customers. Having a system to accept federated SAML tokens is needed for this. SharePoint 2010 allows directories like EmpowerID, for example, to act as a SharePoint claims provider. This way, users don't have to remember another username and password.
But if you don't federate, you will need a good way to allow a user to reset their password without calling you. Since you are often displaying important confidential information to your external users, having a method for two factor authentication or identity proofing will keep this data secure.
Remember, the fewer barriers to having your external users interact with you, the more likely they will continue to spend money with you. Understand their identity, provide them the same or better service than you do your internal users and you will keep a customer for life.
Schedule a demo to see how some of our customers have solved this identity management issue with SharePoint and see how to improve it for your customers.
