What is Customer Identity and Access Management (CIAM)?

Customer identity and access management (CIAM) enables organizations to securely capture and manage customer identity and profile data, as well as control customer access to applications and services.

CIAM (aka customer identity) solutions  usually provide a combination of features including customer registration, self-service account management, consent and preference management, single sign-on (SSO), multi-factor authentication (MFA), access management, directory services and data access governance. The best CIAM solutions ensure a secure, seamless customer experience at extreme scale and performance, no matter which channels (web, mobile, etc.) customers use to engage with a brand.

These solutions can be delivered via software that can be deployed on premises, in private clouds or via identity-as-a-service (IDaaS) platforms. Some platforms expose their capabilities—including admin capabilities—via APIs and are geared toward development teams who want to embed CIAM services into their applications. Regardless of delivery method, the goal is to make the experience of accessing digital applications seamless and secure.

Customers want two simple things as they interact with brands.

• A great user experience

• Protection from fraud, breaches and privacy violations

Great User Experience

Delighting your customers means ensuring their journey from prospect to loyal brand advocate is as smooth as possible. That includes personalizing their experience without being overly intrusive. Your CIAM solution allows you to collect data from their interactions with your website, apps and partner apps, giving you a well-developed customer profile.  If you fall short of providing an exceptional experience, your customers may go elsewhere. 

Given what’s at stake, a great customer experience is no longer just nice to have; it's a critical differentiator. In its ”Experience is everything” report, PwC found that 32% of customers will abandon a favorite brand after just one bad experience.

Data Protection

Customers also care deeply about security. A 2019 Ping Identity report revealed that 81% of customers would stop engaging with a brand online following a breach (a 3% increase over 2018), and one in four would stop all interaction whatsoever. The most recent IBM Cost of a Data Breach study found that of the $3.92 million average cost of a data breach, 36% of the total, or $1.42 million, was the direct result of lost business.  

Many companies have an identity and access management (IAM) solution for their workforce, but employee IAM solutions often lack the features needed to deliver a great customer experience. Customer IAM includes:

Unified profiles

Customer access has grown beyond web apps to include mobile, IoT, partner applications and more. CIAM enables unified customer profiles so that you can provide consistent multi-channel experiences and personalized interactions with your customers.

Security requirements

The increased scale and frequency of data breaches has left many organizations unsure of their ability to protect their most valuable customer data. CIAM solutions provide powerful security features extending from authentication to the data layer to reduce your risk of breach—and the subsequent loss of revenue, reputation and customer trust.

Performance and scalability

If you’re like many enterprises, the amount of data you’re collecting about each customer is increasing exponentially. You may also experience fluctuating customer demand due to seasonality or other reasons. CIAM allows you to deliver instant and frictionless access to customer-facing apps and services during peak usage times and as your customer base grows.

Privacy and regulatory compliance

Customers are sharing more and more information with organizations and their partners to make interactions easier and more personalized. But your customers’ concerns about data privacy haven’t lessened, and they expect you to be good stewards of their data. CIAM helps you demonstrate your security commitment by giving customers the ability to control how and with whom their data is shared. It also gives you the capabilities to enforce customer consent and comply with privacy regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act of 2018 (CCPA).

Customer identity plays a foundational role in enhancing both security and experience across your customer’s journey. A 2021 Ping Consumer Survey: Brand Loyalty is Earned at Login found that 56% of online consumers have abandoned an online service when logging in was too frustrating.

While your specific journey may look slightly different, the core stages are typically consistent, beginning with acquisition and retention. Here are the ways customer identity helps you deliver a smooth and secure journey, beginning with acquisition and retention.

Acquire and Retain Customers

A lot of money is spent getting new customers to interact with your brand for the first time. Their first impression starts with the registration process, making it a critical aspect to get right.  

Registration

Registration is the pivotal point when you’re able to capture a new prospect. Customer identity helps you ensure they complete the process by:

• Enabling convenient registration capabilities like social registration
• Providing customized registration forms that are pixel-perfect representations of your brand
• Ensuring registration is consistent for all apps

A streamlined registration process helps you minimize abandonment and maximize conversion rates.

Authentication

After registration, customers must authenticate their identities to interact with your digital properties. If they have to use a different set of credentials for each application and can’t easily access what they want, they may walk away from your brand and straight into the arms of your competitors.

Customer identity lets you provide single sign-on so customers gain easy access to all applications—even partner apps that you don't own or apps in the cloud—with a single login screen and set of credentials. SSO with social login gives your customers the additional convenience of using their credentials from a social media provider like Facebook to authenticate. At the same time, customer-friendly MFA using SMS, email or push notifications from custom mobile apps to complete authentication ensures the sign-on process is both simple and secure.

With CIAM, you can provide the frictionless access your customers want, setting the stage for increased interaction, spending and loyalty.

Drive Loyalty & Revenue

Companies must focus on delivering convenient and consistent customer experiences across online channels to new and existing customers. CIAM provides brands with a holistic view of customers found in customer profiles, while providing customers with a better experience.

Self-Service

Your customers need the ability to access their data consistently across all channels. Even with SSO and a consistent sign-on experience for all apps, if you don’t have a centralized customer profile that syncs across all channels, customers will be frustrated. For example, imagine a customer updating their address in your web app, but ordering a product through your mobile app and having the product delivered to their old address.

Customer identity ensures that all applications have access to the same view of the customer. If a customer updates their information in one place, it’s updated everywhere.

Support

To ensure a small problem doesn’t balloon into a major issue and a lost customer, you need the ability to quickly and effectively address support requests.
 

Support calls are typically frustrating and made worse by forcing customers to authenticate themselves multiple times, especially if they have been on hold for a long time. Using CIAM capabilities, your support reps can identify a logged-in support customer without requiring them to login again and address their issues more quickly.

Personalization

As customers progress in their journey with your brand, may be interacting with multiple applications and channels that want to store different details about customers. Some examples include:

• An ecommerce app wants to store information about the styles of clothing a customer prefers.
• A pharmacy app wants to store whether a customer wants reminder notifications about prescription refills.
• A loyalty app wants to store the types of rewards a customer is interested in.

Customer identity allows any app to store any data about a customer, from unstructured JSON objects to bespoke custom attributes. This data can be stored in a single unified customer profile, so any app can use data or preferences set in any other app to personalize a customer’s experience. With the benefit of CIAM capabilities, your various digital properties can offer meaningful upsell opportunities and deliver personalized, multi-channel customer experiences.

Build Customer Trust

Like loyalty, trust is something that’s built with your customers over time. You do this by giving them control over and visibility into their data and how it’s being used.

Privacy

Privacy regulations like GDPR and CCPA impose steep fines on companies that fail to comply. But at their core, they exist to encourage companies to be good stewards of customer data. Customer identity plays a critical role in helping you protect the privacy of your customers’ data and build a foundation of trust with your customers.

Collecting customer consent and enforcing it are two different things. CIAM helps you do both. Giving your customer the ability to accept your privacy policy or decide who you share their email address with are examples of collecting consent. To enforce it, you need to make sure apps are able to access only the data that the customer agrees to share.

Customer identity allows you to inspect customer consent and make sure it’s enforced. In the case of sharing emails, if the customer has specified that their email shouldn’t be shared with a partner app, the email address will be excluded when the app requests customer data. This type of enforcement ensures compliance with privacy regulations and also facilitates responsible open business. By giving you assurance that data is being shared based on consent, you can leverage open business to provide even better customer experiences and gain a leg up on your competition.

At every stage of the user journey, CIAM ensures customer data is protected and secure. The unique capabilities of customer identity help you strengthen security, while minimizing the likelihood of data breach and fraud.

Data Breaches

Data breaches typically involve a bad actor gaining access to many customer records—often many millions of records. Those records may contain passwords, usernames, phone numbers, credit card numbers or other personally identifiable information (PII). Simply posing as a customer will usually not help a hacker successfully breach large amounts of data, because customers don’t have access to the data of other customers. Instead, these attacks are often performed by insiders or are due to inadvertent mistakes made by IT or development teams.

Customer identity helps you thwart breaches across several fronts:

• It encrypts data so that even if a hacker gains access to it, the data is very difficult or impossible for them to use.
• It alerts administrators of suspicious activity, such as an admin account gaining escalated privileges to customer data.
• It makes log tampering evident, so an insider cannot cover their tracks when attempting to breach data.
• It limits the amount of records an administrator can download so they’re unable to act quickly, giving you more time to detect the suspicious activity.

Fraud

Unlike data breaches that are volume attacks, fraud attempts are typically directed at individual customers. A fraudster may gain access to customer credentials from a site that has been breached or through a phishing attack. They then try those credentials on high-value targets like banking websites. Since customers unfortunately are prone to sharing credentials across sites, the fraudster’s attempts are often successful.

The best defense against fraud is MFA. Multi-factor authentication goes beyond usernames and passwords, requiring an additional form of authentication to verify a user’s identity. Often this involves sending a push notification to a device that is linked to a customer’s account.

Sending push notifications from your custom mobile app through a customer identity mobile SDK is the most secure and convenient method of MFA. However, since you can’t force customers to download your mobile app, you must offer additional methods of MFA to ensure customers aren’t inconvenienced

To deliver ultimate convenience, you can enable adaptive authentication. Adaptive authentication is able to evaluate customer behavior, information from their device and other contextual factors. It uses this information in real-time to determine the level of risk involved and add MFA only when warranted. By limiting the need for additional authentication to higher risk scenarios such as logging in from a new device, you’re able to eliminate friction from risk-free transactions, streamlining the customer experience.

Fraud detection tools that use data collection and analysis to identify fraudulent behavior can also proactively stop fraud before it happens. By continuously collecting behavioral data throughout a user’s journey, such as navigation patterns, speed, scrolling and mouse movements, these tools can identify non-human trends or patterns of behaviors typical of humans engaging in fraudulent behavior. Best of all, you can identify fraudulent activity without inconveniencing actual customers.

Customers have a choice about doing business with you. If you're not meeting their experience expectations, or if they fear their data might be compromised, they can easily go to a competitor. On the other hand, when you’re able to delight them with seamless experiences and protect them through every stage of their journey, you’re able to acquire and retain more customers, drive increased revenue and loyalty, and earn their trust.

To learn more ways customer identity helps you gain a competitive advantage, get the Ultimate Guide to CIAM.