The DXP Catalyst Update - Aug 1, 2025

INTRO
Welcome to This Week’s DXP Catalyst Update

It has been a relatively busy week here at DXP Catalyst, balancing ongoing client work with several new opportunities. On Wednesday, we had the chance to introduce the company to a wider audience through the Greenwich Village & Chelsea Chamber of Commerce, which was a great opportunity to connect with other local business leaders.

There were also a couple notable updates in the vendor landscape. BigCommerce has announced a rebrand to simply Commerce, unifying its platform with Feedonomics and Makeswift under one consolidated parent brand. Meanwhile, Optimizely introduced new Generative Engine Optimization (GEO) capabilities within its SaaS CMS, aimed at helping organizations improve how their content performs in AI-driven discovery environments like Google SGE and other large language model search experiences.

GEO is clearly gaining momentum. Just last week, a prospect found us through a generative AI tool, which reinforces how important it is to have your digital content optimized for these emerging discovery channels.

Our newsletter topic in this week’s DXP Catalyst Update takes a closer look at why SSO and consent management need to be treated as core parts of your experience architecture, not just technical or compliance afterthoughts.

LEADERSHIP GUIDANCE

Digital Identity Infrastructure: Why SSO and Consent Management Deserve More Attention in your DXP Stack

Most organizations still treat Single Sign-On (SSO) and Consent Management as entirely separate concerns. SSO lives with IT or security, primarily used to manage employee or partner authentication. Consent Management is handled by legal or marketing compliance teams, framed around regulations like GDPR or CCPA. These functions operate in isolation, rarely showing up in digital experience planning.

That approach may have worked when systems were simpler and audiences were clearly separated. Today, that separation creates risk. As more organizations embrace composable digital experience platforms, the user journey increasingly spans tools, roles, and touchpoints. The same individual might begin as a prospect, convert into a customer, and later become a portal user or authenticated advisor. Identity is no longer a static concept, it’s an evolving relationship across platforms.

Despite this shift, identity and consent are still missing from most DXP strategy conversations. They’re implemented separately, owned by different teams, and rarely aligned with how personalization, analytics, or content delivery actually work. This disconnect has real consequences as it leads to fragmented experiences, inaccurate data, and compliance blind spots. And it often requires expensive workarounds that could have been avoided with better upfront planning.

Why Identity and Consent Strategy Belong Together

On paper, SSO and consent management serve different purposes. SSO is often implemented for authenticated users, including employees, partners, and portal visitors. Consent tools are typically designed for anonymous website users, helping organizations meet legal and regulatory obligations. While this separation may seem logical in theory, it begins to fall apart in practical use.

Take a university website as an example. A prospective student might begin as an anonymous visitor, exploring degree programs and admissions criteria. After applying, that same individual could return as a logged-in user accessing a portal to check application status. A faculty member might use the public site to find department resources, then log into an internal system to manage course content. Similar patterns appear in healthcare and financial services. A patient may research services online, then sign in to view records or schedule care. A financial advisor may alternate between internal dashboards and public-facing support tools. In all of these cases, identity, access, and consent overlap throughout the user journey.

When SSO and consent frameworks are not connected, the overall experience begins to degrade. Personalization systems may not recognize the user across sessions or platforms. Analytics tools might collect incomplete or inaccurate behavioral data. Compliance processes could fail to account for whether consent was properly obtained or respected. These gaps create confusion and friction, both for end users and for internal teams trying to make sense of the data.

Rethinking SSO in the Experience Stack

SSO is often implemented to reduce password fatigue and enforce security standards. But in the context of digital experience, it should also serve a broader purpose. It should allow for seamless transitions across platforms and systems, while maintaining the context of who the user is.

In many organizations, SSO is applied only to individual tools. A user may log into a portal but get logged out of the CMS or support center. In other cases, login is implemented, but identity data is not passed through in a usable way. That means personalization systems cannot tailor content, even though the user is technically authenticated.

SSO can also support role-based experiences. A marketing lead may need a different view than a sales rep. A content author should see different functionality than a product manager. When identity is implemented well, these roles can be mapped cleanly across systems. When it is not, teams end up duplicating work and rebuilding features that should be standard.

Organizations with federated structures face an additional challenge. A global enterprise or multi-campus institution might have separate identity providers in different regions or departments. In those environments, federated SSO becomes essential to maintaining experience continuity. Without it, the user journey becomes fragmented and frustrating.

Consent as an Experience Lever, Not Just a Legal Requirement

Consent management is often reduced to a banner or checkbox, but it should be seen as an active part of your digital architecture. Consent controls what data you are allowed to collect, how you segment users, and what kind of personalization is even possible. It is deeply tied to the performance and governance of your martech stack.

If your analytics platform does not recognize consent status, your reports will be incomplete or misleading. If your personalization engine is unaware of opt-in preferences, you may be using data you are not authorized to use. In some regions, even showing tailored content based on browsing behavior may be restricted unless the user has opted in.

Consent-aware platforms allow for dynamic control. They can block tracking tags until approval is granted, segment users based on consent type, or suppress certain types of content altogether. They can also respect geo-specific rules, adapting the experience to meet varying legal standards. But all of this requires integration. It cannot be solved by a standalone tool operating in a vacuum.

Progressive profiling is another area that depends on a well-defined consent strategy. As users move through your funnel, you may begin collecting additional data points such as job title, preferences, service interests, or product eligibility. If those actions are not clearly tied to a consent-aware framework, the quality and reliability of your data will begin to decline. Without that alignment, you risk collecting information that cannot be ethically used or consistently applied across systems.

Governance and the Gaps in Ownership

Part of the reason these issues persist is that no one owns the full identity layer. SSO lives in IT. Consent lives in legal or compliance. Experience design sits with marketing or product. As a result, most DXP strategies fail to include a coherent identity model or an integrated plan for user access and data permissions.

A mature digital platform strategy should include clear data models for identity, mapped to real-world user journeys. It should ensure that login systems, personalization logic, and consent frameworks are interoperable. It should also define who owns what, and how these layers are tested, monitored, and evolved over time.

Without that alignment, most organizations find themselves reacting to problems only after they become visible. These problems often take the form of broken user experiences, inconsistent personalization across platforms, or compliance gaps that are discovered during internal reviews or external audits.

Final Thoughts

If digital experience is a true organizational priority, then identity strategy must be treated as a core part of the planning process. It should not be limited to authentication mechanisms or basic compliance checklists. Instead, it should focus on building a connected system that recognizes users, respects their preferences, and delivers consistent experiences across every channel.

Rather than focusing only on login pages or consent banners, consider the entire user journey from start to finish. Evaluate whether your platforms are genuinely integrated or simply operating in parallel without meaningful coordination. The strength of your digital experience depends on how well those systems work together behind the scenes.