Workflows For A CIAM System
Heya,
CIAM systems are slightly different from IAM systems. CIAM systems help customers or users authenticate and access data or functionality. IAM systems, on the other hand, help employees or contractors authenticate and access data or functionality.
They operate at different scales, since almost every company has far more users than employees.
And they also have different workflows.
Here is a list of workflows that your CIAM system should support:
Log in (authentication)
Log out (more interesting than it looks), including from multiple applications
Associating a user with one or more applications, including roles or other access control
Self-service registration, single or multi-page
Progressive self-service registration
Forgot password/username/account recovery
Phone number/email verification
Changing a password
Multi-factor authentication challenge
Profile editing and management, including updating login identifier and adding/removing multi-factor methods
Magic link passwordless authentication
WebAuthn/passkey passwordless authentication
Password expiration
Account lockout based on user behavior
Password validation/rules
Compromised password detection
Federated login with other identity sources including LDAP, OIDC, and SAML
Linking between remote identity source accounts and local accounts
Not every one of these workflows will be used by every application in your CIAM system (except login and logout), but they all could play a role.
Dan