What is Customer Identity and Access Management (CIAM)?

What is Customer Identity and Access Management (CIAM)?

June 26, 2020

What is CIAM?

Customer identity and access management (CIAM) enables organizations to securely capture and manage customer identity and profile data, as well as control customer access to applications and services.

Strong CIAM (aka customer identity) solutions usually provide a combination of features including customer registration, self-service account management, consent and preference management, single sign-on (SSO), multi-factor authentication (MFA), access management, directory services and data access governance. The best CIAM solutions ensure a secure, seamless customer experience at extreme scale and performance, no matter which channels (web, mobile, etc.) customers use to engage with a brand.


These solutions can be delivered via software that can be deployed on premises, in private clouds or via API-first Identity-as-a-Service (IDaaS) platforms. These platforms expose their capabilities—including admin capabilities—via APIs and are geared toward development teams who want to embed CIAM services into their applications. Regardless of delivery method, the goal is to make the experience of accessing digital applications seamless and secure.

Why CIAM Is Important

Customers want two simple things as they interact with brands. Firstly, they want brands to delight them by providing great user experiences. Secondly, they want brands to protect them from fraud, breaches and privacy violations. CIAM helps you do both.

Delighting your customers means ensuring their journey—from their initial introduction to your brand to the time they become your loyal advocates—is as smooth as possible. If you fall short of providing an exceptional experience, your customers may go elsewhere.

“One in three customers will walk away from 
a brand they love after just one bad experience."


Source: “Experience is everything: Here’s how to get it right,” PwC, 2018 

Given what’s at stake, a great customer experience is no longer just nice to have; it's a critical differentiator. In their ”Experience is everything” report, PwC found that 32% of customers will abandon a favorite brand after just one bad experience.
You can’t stop at experience either. Customers also care deeply about security. A 2019 Ping Identity report revealed that 81% of customers would stop engaging with a brand online following a breach (a 3% increase over 2018), and one in four would stop all interaction whatsoever. The most recent Cost of a Data Breach study found that of the $3.92 million average cost of a data breach, 36% of the total, or $1.42 million, was the direct result of lost business.  


To give your customers what they want and keep them coming back requires both delighting them and protecting them. Customer IAM helps you strike the ideal balance between customer experience and security, without needing to sacrifice one in pursuit of the other.

Why CIAM vs. IAM

Many companies have an identity and access management (IAM) solution for their workforce. But employee IAM solutions often lack the features needed to deliver a great customer experience, including:

Unified profiles

Customer access isn't just about web apps anymore. The channels your customers use to engage with your brand has grown to include mobile, IoT, partner applications and more. CIAM enables unified customer profiles so that you can provide consistent multi-channel experiences and personalized interactions to your customers.

Security requirements

The increased scale and frequency of data breaches has left many organizations unsure of their ability to protect their most valuable customer data. CIAM solutions provide powerful security features extending from authentication to the data layer to reduce your risk of breach—and the subsequent loss of revenue, reputation and customer trust.

Performance and scalability

If you’re like many enterprises, the amount of data you’re collecting about each customer is increasing exponentially. You may also experience fluctuating customer demand due to seasonality or other reasons. You can address these unique challenges with customer identity so you’re able to deliver instant and frictionless access to customer-facing apps and services during peak usage times and as your customer base grows.

Privacy and regulatory compliance

Customers are sharing more and more information with organizations and their partners to make interactions easier and more personalized. But your customers’ concerns about data privacy haven’t lessened, and they expect you to be good stewards of their data. CIAM helps you demonstrate your security commitment by giving customers the ability to control how and with whom their data is shared. It also gives you the capabilities to enforce customer consent and comply with privacy regulations like the General Data Protection Regulation (GDPR).

How You Benefit from CIAM

Customer identity plays a foundational role in enhancing both security and experience across your customer’s journey. While your specific journey may look slightly different, the core stages are typically consistent, beginning with acquisition and retention. Here are the ways customer identity helps you deliver a smooth and secure journey, beginning with acquisition and retention.


Acquire and Retain Customers

A lot of money is spent getting new customers to interact with your brand for the first time. Their first impression starts with the registration process, making it a critical aspect to get right.  



Registration is the pivotal point when you’re able to capture a new prospect. Because you’re asking them to give you information for the first time, you need to streamline the experience. Customer identity helps you ensure they complete the process by:


  • Enabling convenient registration capabilities like social registration
  • Providing customized registration forms that are pixel-perfect representations of your brand
  • Ensuring registration is consistent for all apps
By helping you smooth the registration process, CIAM helps you minimize abandonment and maximize conversion rates.


After registration, customers must authenticate—or sign on—to interact with your digital properties. If they have to use a different set of credentials for each application and can’t easily access what they want, they may walk away from your brand and straight into the arms of your competitors.

Customer identity lets you provide single sign-on so customers gain easy access to all applications—even partner apps that you don't own or apps in the cloud—with a single login screen and a single set of credentials. SSO with social login gives your customers the additional convenience of using their credentials from a social media provider like Facebook to authenticate. At the same time, customer-friendly MFA using SMS, email or push notifications from custom mobile apps to complete authentication ensures the sign-on process is both simple and secure.

With CIAM, you can provide the frictionless access your customers want, setting the stage for increased interaction, spending and loyalty.

Drive Loyalty & Revenue

Once customers have successfully introduced themselves to your brand, you must turn your focus to delivering convenient and consistent customer experiences across channels. Here are the fundamentals that help you do so.




Your customers need the ability to access their data consistently across all channels. Even if you’ve implemented SSO and are providing consistent sign-on experiences for all your apps, your apps may still lack access to a single set of customer data. Application A may think a customer’s phone number is 512-555-5555, while Application B says it’s 555-867-5309. These are the types of discrepancies that create disjointed and disappointing experiences for customers.

Imagine that you’ve just moved and updated your address in your bank’s web application. You then order checks—not realizing you’re using a separate application—and assume the address change will be reflected. But your checks get delivered to your old address. That’s the kind of negative experience that sours customer relationships. Customer identity ensures that all applications have access to the same view of the customer. If a customer updates their information in one place, it’s updated everywhere.



If a customer is requesting support, they’re likely having a negative experience. To ensure a small problem doesn’t balloon into a major issue and a lost customer, you need the ability to quickly and effectively address support requests. By streamlining the authentication process, customer identity helps you provide a better experience, including stronger support capabilities.

Support calls are typically frustrating and tedious experiences that require you to first identify yourself through an interactive voice response (IVR) system, then identify yourself again once you get a rep on the line. Using CIAM capabilities, your support reps can identify a logged-in support customer without requiring them to login again. They’re able to answer the phone with a friendly “how can I help you?” instead of an impersonal “who are you?”



As customers progress in their journey with your brand, they begin interacting with different applications and channels. These different applications may want to store different details about customers. Some examples include:

  • An ecommerce app wants to store information about the styles of clothing a customer prefers.
  • A pharmacy app wants to store whether or not a customer wants reminder notifications about prescription refills.
  • A loyalty app wants to store the types of rewards a customer is interested in.

Customer identity allows any app to store any data about a customer, from unstructured JSON objects to bespoke custom attributes. This data can be stored in a single unified customer profile that is accessible to all apps, so any app can use data or preferences set in any other app to personalize a customer’s experience. With the benefit of CIAM capabilities, your various digital properties can offer meaningful up-sell opportunities and deliver personalized, multiomni-channel customer experiences.

Build Customer Trust

Like loyalty, trust is something that’s built with your customers over time. You do this by giving them control over and visibility into their data and how it’s being used.



Privacy regulations like GDPR and CCPA impose steep fines on companies that fail to comply. But at their core, they exist to encourage companies to be good stewards of customer data. Customer identity plays a critical role in helping you protect the privacy of your customers’ data and build a foundation of trust with your customers.

Collecting customer consent and enforcing it are two different things. CIAM helps you do both. Giving your customer the ability to accept your privacy policy or decide who you share their email address with are examples of collecting consent. To enforce it, you need to make sure apps are able to access only the data that the customer agrees to share.

Customer identity allows you to inspect customer consent and make sure it’s enforced. In the case of sharing emails, if the customer has specified that their email shouldn’t be shared with a partner app, the email address will be excluded when the app requests customer data. This type of enforcement ensures compliance with privacy regulations and also facilitates responsible open business. By giving you assurance that data is being shared based on consent, you can leverage open business to provide even better customer experiences and gain a leg up on your competition.


Protect Customer Data

At every stage of the user journey, CIAM ensures customer data is protected and secure. The unique capabilities of customer identity help you strengthen security, while minimizing the likelihood of data breach and fraud.


Data Breaches

Data breaches typically involve a bad actor gaining access to many customer records—often many millions of records. Those records may contain passwords, usernames, phone numbers, credit card numbers or other personally identifiable information (PII). Simply posing as a customer will usually not help a hacker successfully breach large amounts of data, because customers don’t have access to the data of other customers. Instead, these attacks are often performed by insiders or are due to inadvertent mistakes made by IT or development teams.

Customer identity helps you thwart breaches across several fronts:

  • It encrypts data so that even if a hacker gains access to it, the data is very difficult or impossible for them to use.
  • It alerts administrators of suspicious activity, such as an admin account gaining escalated privileges to customer data.
  • It makes logs tamper evident, so an insider cannot cover their tracks when attempting to breach data.
  • It limits the amount of records an administrator can download so they’re unable to act quickly, giving you more time to detect the suspicious activity.


Unlike data breaches that are volume attacks, fraud attempts are typically directed at individual customers. A fraudster may gain access to customer credentials from a site that has been breached or through a phishing attack. They then try those credentials on high-value targets like banking websites. Since customers unfortunately are prone to sharing credentials across sites, the fraudster’s attempts are often successful.

The best defense against fraud is MFA. Multi-factor authentication goes beyond usernames and passwords, requiring an additional form of authentication to verify a user’s identity. Often this involves sending a push notification to a device that is linked to a customer’s account.

Unlike MFA for employees, customer MFA has to be convenient. You can’t expect a customer to carry and use a USB hard token every time they make a purchase, nor would you want to incur the expense and support required of that approach. Instead, customer MFA should leverage something the customer is already comfortable using, such as SMS, email or a mobile app.

Sending push notifications from your custom mobile app—through a customer identity mobile SDK—is the most secure and convenient method of MFA. However, since you can’t force customers to download your mobile app, you must offer additional methods of MFA to ensure customers aren’t inconvenienced and deliver MFA to as many customers as possible. Even if they use a less secure authentication factor, like a code sent via SMS, any MFA is better than no MFA.

To deliver ultimate convenience, you can enable adaptive authentication. Adaptive authentication is able to evaluate customer behavior, information from their device and other contextual factors. It uses this information in real-time to determine the level of risk involved and add MFA only when warranted. By limiting the need for additional authentication to higher risk scenarios, you’re able to eliminate friction from risk-free transactions, streamlining the customer experience.


CIAM: Your Competitive Advantage

When it comes to IAM, the fundamental difference between customers and employees is your customers have a choice about doing business with you. If you're not meeting their experience expectations, or if they fear their data might be compromised, they can easily go to a competitor. On the other hand, when you’re able to delight them with seamless experiences and protect them through every stage of their journey, you’re able to acquire and retain more customers, drive increased revenue and loyalty, and earn their trust.
To learn more ways customer identity helps you gain a competitive advantage, get the Ultimate Guide to CIAM