Simply put, customer identity and access management (CIAM) is identity and access management for users who have a choice. To be effective, customer IAM must bundle effective resource protection with world-class customer experience, enabling a secure, seamless customer experience across a range of channels -- web, mobile, digital and so on.
CIAM = digital experience + IAM
It helps to think of customer IAM as the Venn diagram intersection of two technology trends: digital customer experience and advanced IAM. That is, to be effective, CIAM has to be part of the overall user experience, which in turn must feature all the characteristics of a next-generation -- or digital -- customer experience.
That means it should be seamless -- not requiring cumbersome manual processes -- and scale across a user's multiple online identities and devices -- phone, tablet, multiple browsers. These requirements, in turn, drive the need for things like adaptive access, which relies on contextual information such as the user's device, IP address, geographical location and past behavior, in addition to traditional techniques like usernames, passwords and biometrics.
Customer IAM also needs to incorporate advanced IAM, including features like scalability, granularity, and hierarchical and group-based authentication. That is, administrators should be able to securely manage hundreds of thousands to millions of users, control which resources these users have access to at a granular level, and impose security policies based on groups or hierarchies of users -- e.g., all users of type X have access to resource W but not resources Y and Z.
Regardless of the vendor, it's important to recognize that CIAM isn't the same as IAM. The requirements are different, which means the products need to function differently.
Some things to consider when implementing customer IAM include the following:
Cloud-based services, compared to on-premise tools more typical of IAM, are generally better at meeting scalability requirements. Cloud services can scale from a few to a few million users without needing to be over-engineered from the beginning.
Because users are anonymous -- and their claims about themselves can't necessarily be trusted -- authentication should take place against public services, such as OpenID, or social media logins, like Facebook, Google and This, which means that the CIAM solution needs robust integration with these services.
Another key requirement is back-end integration with marketing analytics and automation tools and CRM products. In many cases, the information gleaned from CIAM offerings is useful to understand customer behavior, and it needs to be integrated into the analytics tools that are currently in place. Look for products that have APIs for your company's ecosystems.
Compliance with regulations like the European Union's General Data Protection Regulation is critical. Because the tool and its associated ecosystem will be storing customer data, it's important to be able to demonstrate that the data is protected and private.
In short, customer IAM is not just IAM on steroids. The shift from users to customers has profound implications. When selecting a CIAM tool, it's important to keep these implications in mind.
