At Street Contxt, we use Google Workspace. Aside from the core applications it comes with (docs, gmail, calendar, etc.) it has an additional benefit: it’s an extremely popular form of Single Sign On.
Single Sign On (or SSO) is “an authentication scheme that allows a user to log in with a single ID and password to any of several related, yet independent, software systems.” Basically, I can log into almost every tool that we use as an organization with my Google Workspace username and password. I don’t have to remember a username and password for every piece of software we use: Google takes care of it.
That being said, SSO is much more than making my login process simple: it’s about owning my identity. Now every single one of those apps I use manages my access through Google. It’s hard to appreciate the utility that Google gives me in that way, and the value that they receive by understanding my entire identity across the suite of applications and services I use outside their own. It’s not a surprise that Facebook and other major tech companies have pushed into the SSO space: it’s extremely powerful and valuable long term.
But why is it so valuable? At the end of the day, if you can manage a user’s identity, you create a lot of value for both the user, and yourself as the managing organization: you can save the user time and energy by simplifying their life. You become their identity across their digital lives. Additionally, the organization managing the identity gets the benefit of becoming ‘stickier’, understands more about their users than ever before, and becomes essential to other software providers by solving a frustrating and low value problem (login credential management) and improving the onboarding experience.
The part of this that I find interesting is that in the capital markets, no one yet owns identity.
If you look at the user experience on either the sell side or the buy side, almost every application a user could engage with requires a different username and password: chat (Bloomberg, Symphony, etc.), data (Bloomberg, Refinitiv, etc.), applications, or content (Research Portals). I took a moment to visit the client/research portals of five major brokerages, and none of them had any additional sign in options (outside the standard username/password).
As in the evolution of the broader consumer internet, we’re currently at Identity Management V1 in the markets: email address as a username. This is how almost all applications started off – even Google and Facebook, who still use this schema on their main sites (which then enables the ability to leverage SSO going forward). It makes sense – email provides a username that is by default unique, as no two people can have the same email address, thus resolving the username management issue amongst software vendors.
There is another major problem solved by SSO: the removal of inactive/deactivated accounts. When a user currently leaves a buy side fund to join another firm, they leave a trail of inactive accounts behind them. As all logins are still basic (isolated in a database), and based simply off a username and password. Given this setup, there is no effective way for the firm involved to message every vendor/brokerage/counterparty regarding the newly departed user, and ask them to shut down/disable/reassign the users accounts. This leads to a logistical nightmare between counterparties as people flow between jobs.
Now, many firms have begun leveraging an internal form of SSO. They have an internal application that lets them log into internal applications with a single set of credentials – but I have yet to see this broadly implemented across organizations.
What comes next is Identity Management V2: a broadly accepted (and thus integrated) form of SSO that is available between applications and organizations.
Which brings us to the main question: who is going to own identity in the capital markets?
Who is going to be the group that offers the first widely adopted Single Sign On that can easily be integrated and offered at all those touch points? The ability to log into any broker portal, the ability to log into applications, and even one day the ability to log into Bloomberg/Symphony/Refinitv. No organization that I talk to enjoys managing client credentials, or even wants to – they simply have to. There are no other options.
There are three major groups in the markets: corporates, brokerages (sell side), and funds (buy side). None of them have a good solution for identity management, and all of them experience the challenges and frustrations as a result: a list of different usernames and passwords for all their logins, the need to constantly reset/request a new password, and the annoyance of having to request/setup new logins every time they change jobs (or the resulting need to decommission/shut down logins for clients who have moved on).
In an increasingly digital market, this is only going to become more and more important as the number of applications and logins that individuals leverage grows, and the administrative overhead that comes with managing those logins grows for users and firms.
No one really owns identity in the capital markets yet – but for anyone who can, the rewards will be massive – and we have an idea or two ourselves about what that is going to look like, and how we can tackle the problem.