Business Objectives
An ambitious goal to improve operations and provide secure digital access for a wide variety of partners meant If needed a new identity and access solutions.
The identity and access management (IAM) team at If recognized a business-critical need for centralized identity management and login. They also wanted to enable configuration at a local level to ensure specific regulations or business practices were taken into account. The new solution had to provide a smooth customer experience, be robust, flexible, and able to cope with large-scale user demand.
Challenges
Operating across all Nordic countries, If wanted to unify customer and partner digital experiences while maintaining local compliance. The large and varied partner network, combined with rapid digitalization of business models for both end-user and business customers, accelerated If’s shift toward an API business model.
Another major challenge was improving partner-focused services to enable new digital experiences and APIs. The end goal was to deliver seamless experiences for customers interacting with If’s products through partner systems and to ensure that If’s services were available for the customer in their cars, homes, phones, and other digital devices.
Key Challenges:
- Varied customer base including individuals and large corporate customers
- Enabling and improving API business model
- Different types of insurance products
- Diverse and extensive partner network
- Enable access to If products from IoT devices
Solution
After exploring and researching many alternatives, including assessing the possibility of developing their own solution, If selected the Curity Identity Server as it matched their very precise criteria:
- Ability to create a decentralized architecture
- Based on industry standards (OAuth and OpenID Connect)
- Developer-friendly, flexible, and customizable
- A scalable and predictable pricing structure that wasn't on a per-user basis
Previous identity solutions at If focused only on internal users, and they needed more functionality and a robust solution that could cope with external partners and different ways of working.
If developed a common login platform powered by the Curity Identity Server, which has since been rolled out to partners and now protects all APIs - internal and external. Following the success of this deployment, If has also completed the transition from its legacy IAM system to the Curity Identity Server for customer-facing identity management.
Securing AI
For If, AI has been part of operations well before it became a buzzword. What’s new is how the company uses it to interact directly with customers.
If has recently introduced If GPT, which lets customers have conversations with an AI-powered assistant about their coverage, policies and available services. The company is also exploring similar chatbot solutions in other business areas to create faster, more intuitive customer interactions.
All these customer-facing AI services are secured using the Curity Identity Server. By applying the same robust security architecture used across all digital channels, If has what it is required to protect both customers and APIs in the context of AI-driven user interaction.
Curity protects most of our AI projects. We don’t do anything radically new - it’s about following the established best practices.
Results
By implementing the Curity Identity Server, If Insurance has been able to focus on delivering end value for partners and customers instead of maintaining core IAM functionality.
The solution has become a central, resilient and secure platform supporting business and end-user customers, partners and internal users in all markets. It now supports every digital interaction, from customer portals to partner integrations, ensuring consistent, compliant and reliable access.
Capabilities that would have taken us years to develop we now have from the Curity Identity Server out of the box.
The IAM team emphasizes flexibility, control, and extensibility as the main reasons for choosing the Curity Identity Server. Its architecture allows developers to build, extend, and adapt identity flows to new use cases without compromising security. The Curity Identity Server also supports If’s product-oriented approach to identity and APIs - enabling them to treat identity components as configurable services that developers and partners can easily consume.
Finally, If values Curity as a partner that combines accountability with innovation. Curity’s proactive approach to security - acting swiftly and transparently when potential vulnerabilities arise - builds strong trust. Its continuous leadership in implementing modern OAuth specifications and emerging identity standards helps ensure that If’s platform stays ahead of the curve.
