What is CIAM?
This article, by the good folks at Auth0, does a good job of explaining what customer identity and access management (CIAM) is and why you might be interested in it as you build out a customer-facing application.
CIAM sits at the intersection of security, customer experience, and analytics. Providing an easy, frictionless way for users to onboard and log in is critical for driving conversions and building customer loyalty. Protecting sensitive data from malicious intrusion and taking steps to prevent data breaches is central to a sound security policy and compliance with data privacy laws. And compiling user data into a single source of truth is essential to understanding your customers.
The author discusses the four major aspects of CIAM:
Scalability - the ability to handle millions of users, including seasonal spikes
Single sign-on - letting the user sign in once and access multiple applications
MFA - allowing or requiring more than one factor of authentication to secure customer access to their data
Centralized user management - one view of the customer
I think these are definitely part of CIAM, but in my mind the author misses three other key features:
Self-service - this is related to scalability, but different. When you are serving millions of customers, the ability to do a task as simple and common as modifying a password without calling customer service can impact customer happiness (and profitability).
Standards-based - because CIAM systems integrate with a variety of open source, commercial off-the-shelf or custom-built applications, ensuring they work with standards like OpenID Connect or SAML is critical. Trust me, you will have enough difficulty centralizing profile data and management without every integration requiring custom code.
Customizability - when you are building out a CIAM solution, you want your customers to see your branding and URL, not that of a solution provider. You also want to be able to control workflows and other aspects of the login experience. This may even be customized on a person-by-person basis, for example by offering different experiences for customers at different membership levels or in different countries.
The article goes on to examine the benefits of CIAM:
Data security
Data privacy legal compliance
Business enablement
I think of CIAM as a data hub, where you can go to get one view of your users, and where users can make changes they need without any effort on your part.
That ideal isn’t easy to achieve, since many applications have and need different views of your customer, but working towards that ideal will give you benefits along the way.
You might be wondering what the difference is between a CIAM system and a CRM system, since both handle customer data. This article, which I wrote, explains that:
The purpose of CRM is to record the interactions with a customer and the audience is internal. While you might have different channels and other data structures in a CRM, it’s not a multi-purpose login experience for your customers.
On the other hand, the purpose of CIAM is to allow the user to manage and control their identity, from credentials to profile data to MFA, with as much self-service as possible to empower the customer. Additionally, CIAM is focused on access control for different applications.
So they are different systems with different functions.
Dan