Customer identity and access management (CIAM) is a specific aspect of identity and access management (IAM) focusing on external users (e.g., customers, contractors, shareholders). While CIAM began as a solution for managing customers’ identities, it has evolved to protect data generated by these users.
Sometimes CIAM systems are conflated with customer relationship management (CRM) systems, but each is a distinct entity.
70% of consumers say they are more likely to purchase from a company verified to offer the highest data privacy and security standards.i As such, CIAM provides not only a risk-management strategy, but also offers a competitive advantage.
CIAM typically encompasses the following capabilities:
- Self-service registration
- Password and consent management
- Profile generation and management
- Authentication and authorization into applications
- Identity repositories
- Reporting and analytics
- APIs and SDKs for mobile applications
- Social identity registration and login
CIAM: External IAM
The simplest comparison between IAM and CIAM is to regard them as internal vs. external, respectively. IAM provides organizations with internal identity management (e.g., provisioning, access controls, compliance efforts). CIAM ensures that external users interacting with a site or resource have great, seamless experiences while protecting their data.
Importantly, CIAM also helps protect your organization. Since your organization has no control over external users’ security practices limiting the vulnerabilities they can cause is critical. CIAM reduces the risk of an account being hacked or otherwise breached because of consumers’ poor security practices (e.g., using public networks, the same or similar passwords on multiple retail sites).
For organizations supporting customer interaction with their systems, CIAM becomes essential to protect all parties. The safer and more seamless an experience, the more satisfaction and assurance users will have. Happy users return and become consistent users.
Benefits of CIAM
The benefits of CIAM include the following (elaborated upon below):
- Improving customer registration and login experience
- Protecting customer data
- Consolidating various identity stores
- Seamless, secure end user experiences
CIAM improves both the security and experience of customer registration and logins. One way of doing this is to enable the use of social media identities (e.g. “Login with Google/Facebook”). By integrating authentication with these platforms, tedious registration processes are bypassed and all future authentication occurs much quicker. Most everyone has a Google or Facebook account. Enabling the use of social media-based SSO is a critical advantage of CIAM, and can be enhanced with multifactor authentication (MFA).
Logging in with social media accounts is typically carried out via the OAuth2 SSO protocol. For a more in-depth explanation of SSO and protocols, such as SAML (Security Assertion Markup Language) or OAuth, take a look at Tools4ever’s “What Is?” articles on the respective topics:
Another benefit of CIAM is that it’s a strong method for protecting customers’ data at a large scale. For example, logging in may require multifactor authentication (MFA) via email/SMS-delivered PIN code or other methods—common in the financial industry. These stronger CIAM authentication processes reduce the likelihood of a data breach within the network because of the behaviors and actions of external users.
Identity stores are digital repositories of data that verify machine entities or individual users are who they claim to be when logging in. Large organizations with more than one web property likely employ a separate identity store for each site. By integrating all identity stores under one CIAM, an organization simplifies account management and provides a seamless, “single logon” experience. For example, if a clothing retailer owns multiple brands with their own websites, customers would remain logged in while navigating between each.
Scalability of CIAM
One common difference between CIAM and IAM is the scale of active users. Whereas IAM mostly applies to employees, CIAM must account for all external users. Massive consumer-focused companies, such as retailers, likely have public-facing sites and apps as well as service, support, and account management operations. In these instances, a CIAM solution must be able to support potentially unlimited users—and their data—from around the globe.
In addition to the number of users served in a region or location, CIAM solutions must provide access to unlimited customers during peak usage times. For retail, this may be during certain sales events, promotions, holidays or heightened user engagement. Any quality CIAM solution must be able to handle peaks in user volume while delivering an excellent experience to the customer. Ideally, the CIAM solution should scale up and down automatically, elastically adjusting the resources handling traffic volume. This maximizes performance while minimizing any potential downtime.
Security and accessibility of CIAM
CIAM and IAM differ in their ability to provide security and accessibility to data. CIAM balances customer ease-of-use with the security of their and the organization’s data. When MFA is added to the access provision process, CIAM solutions must provide this additional layer of security without causing undue friction to the customer experience.
Likewise, CIAM technology allows organizations the ability to provide customer accessibility no matter the device or browser that is used to access data. This provides a consistent and seamless experience, whether the customer accesses the brand property from a website, app, store, or kiosk.
Suppliers and others
Customers are not the only users who need to access a brand’s site. Contractors, suppliers and supporting vendors may also need to access a retailer’s applications to manage inventory or check order status. CIAM allows direct access to inventory systems, which increases the overall organizational security and usability.
The ability for suppliers to access inventory systems increases direct communication between parties. CIAM inherently boosts customer service, helping all parties manage support, anticipate inventory demand, and more.
A CIAM solution is not as comprehensive as a CRM system, but it is usually less costly. A CRM system, such as Salesforce, allows everyone in an organization to manage external interactions, store customer/prospect information, manage marketing campaigns, and more. By contrast, a CIAM system focuses on the basic retail and supply aspects of a relationship.
In a world with ever-evolving interconnectivity and associated threats, CIAM is an essential option to explore for organizations who manage high volumes of external user activity within their systems, sites, or apps. Delivering optimal experiences encourages return customers. Offering a CIAM system as part of comprehensive shopping and security experience is a competitive advantage when it comes to first-class customer service.