Last week, I had the opportunity to join Mat Keller from Okta and Deb Snyder for a timely conversation on CIAM modernization in the public sector. The “No Wrong Door” webinar wasn’t about buzzwords or platform features. It was about real-world barriers, organizational friction, and what it takes to modernize resident IAM without breaking the systems—or the people—inside them.

The post below summarizes the seven most valuable takeaways from our discussion, drawn from my recent experience spearheading identity modernization in Washington State and Mat’s extensive technical leadership at Okta. If you’re navigating legacy sprawl, limited resources, or cross-agency complexity, these insights are for you.

1. Fragmentation Is a Governance Problem, Not Just a Tech One

Mat kicked things off by walking through a deceptively simple example: “I might log in as mkeller here, mkeller73 over there, and matt.keller@email.com somewhere else.” When residents look like three different people, everything—from user experience to service eligibility—breaks down.

The takeaway? Fragmentation isn’t just a systems integration problem. It’s a failure of alignment. Fixing this means aligning leadership, governance, and priorities—not just unifying logins. IAM modernization must be treated as a connected government initiative, not a single-agency project.

2. The “Mom Test” Is the Real UX Test

When Deb asked about real-world usability, I shared a simple test: Could your mom figure this out? Accessibility isn’t just for the blind or elderly—it’s about acknowledging that every user brings different limitations to the experience.

In Washington, we discovered a practical example: one MFA vendor delivered OTPs via voice call—but those calls were blocked by spam filters on smartphones. If the user doesn’t know why the code never arrived, the system failed. Human-centered design means obsessing over every user journey, every accessibility barrier, and every cognitive load.

3. Start Small—But Start Now

When asked how to begin modernization without disruption, we both agreed: bi-modality is not a compromise—it’s a capability. You don’t have to boil the ocean. Mat emphasized wrapping existing applications in a new identity layer to build early wins, and I added that getting comfortable walking and chewing gum—modern and legacy, together—is what enables progress without paralysis.

Gartner’s bi-modal model proved especially relevant here. The goal isn’t to eliminate legacy overnight, but to shield residents from its complexity and begin moving toward a more coherent, future-ready experience.

4. Innovation Is a System Capability, Not a One-Off Event

Deb posed a sharp question: What cultural roadblocks stall these efforts? In response, I recalled a workshop I facilitated for 15+ agencies in Washington State. I used the classic “square wheel” cartoon—pushing a cart with square wheels while ignoring the round ones—to illustrate innovation inertia.

The insight? Innovation doesn’t happen when the mood is right. It happens when it’s expected, modeled, and reinforced. Identity modernization requires daily, continuous innovation—not one heroic sprint. And it starts with a shared mission that transcends any single department.

5. Choose a Partner, Not Just a Platform

Too many evaluations are driven by feature checklists. But Mat and I both agreed: technical parity is common. The real differentiators are cultural. Are they responsive during implementation? Proactive in security patches? Transparent in roadmap decisions?

In Washington, partnerability—the way vendors showed up in the room, the trust they built—was one of the strongest signals in vendor selection. Deb rightly reframed it as “how vendors show up across the lifecycle.” Support, empathy, and shared ownership beat bells and whistles every time.

6. What Gets Measured Gets Momentum

One of the most underappreciated lessons from Washington’s success was our use of Strategic Performance Intelligence (SPI)—a framework that combined technical KPIs with business and stakeholder engagement metrics.

Mat talked about the danger of users setting the same password across 10 apps. But what drives change is knowing how often that’s happening, where friction occurs, and how many help desk tickets result. We brought in a user test group that directly influenced vendor scoring—quantifying UX issues that would otherwise remain invisible. The result? Faster alignment. Less debate. Better decisions.

7. Design for the Margins, Serve the Majority

The most powerful insight of the webinar came from a shared understanding: public sector IAM is about everyone. You’re not optimizing for power users. You’re designing for residents with shared devices, limited vision, cognitive impairment, or no internet access.

Deb brought up a scenario where residents applied for unemployment benefits using school-issued tablets meant for their children’s remote learning. That’s the reality. And if your system doesn’t anticipate it, it fails. Building for these margins forces the kind of resilience, inclusivity, and foresight that ultimately benefits the entire population.

Final Thought: CIAM Modernization Is About Leadership, Not Just Login Screens

At the end of the webinar, I summarized it this way: Everything is figureoutable—but only if we stop treating identity as a technical upgrade and start treating it as a leadership opportunity.

Mat echoed a similar sentiment: Build great relationships. Focus on open standards. Choose extensible, flexible tools—but don’t forget that people, not products, drive transformation.

🎥 Watch the Webinar On Demand
If you missed the live session or want to dive deeper into the conversation, you can watch the full recording here:
👉 Access the On-Demand Webinar