Customer identity and access management (CIAM) enables organizations to securely capture and manage customer identity and profile data, as well as control customer access to applications and services.
CIAM (aka customer identity) solutions usually provide a combination of features including customer registration, self-service account management, consent and preference management, single sign-on (SSO), multi-factor authentication (MFA), access management, directory services and data access governance. The best CIAM solutions ensure a secure, seamless customer experience at extreme scale and performance, no matter which channels (web, mobile, etc.) customers use to engage with a brand.
These solutions can be delivered via software that can be deployed on premises, in private clouds or via identity-as-a-service (IDaaS) platforms. Some platforms expose their capabilities—including admin capabilities—via APIs and are geared toward development teams who want to embed CIAM services into their applications. Regardless of delivery method, the goal is to make the experience of accessing digital applications seamless and secure.
Why is CIAM Important?
Customers want two simple things as they interact with brands.
A great user experience
Protection from fraud, breaches and privacy violations
Great User Experience
Delighting your customers means ensuring their journey from prospect to loyal brand advocate is as smooth as possible. That includes personalizing their experience without being overly intrusive. Your CIAM solution allows you to collect data from their interactions with your website, apps and partner apps, giving you a well-developed customer profile. If you fall short of providing an exceptional experience, your customers may go elsewhere.
“One in three customers will walk away from a brand they love after just one bad experience."
Source: “Experience is everything: Here’s how to get it right,” PwC, 2018
Given what’s at stake, a great customer experience is no longer just nice to have; it's a critical differentiator. In its ”Experience is everything” report, PwC found that 32% of customers will abandon a favorite brand after just one bad experience.
Customers also care deeply about security. A 2019 Ping Identity report revealed that 81% of customers would stop engaging with a brand online following a breach (a 3% increase over 2018), and one in four would stop all interaction whatsoever. The most recent IBM Cost of a Data Breach study found that of the $3.92 million average cost of a data breach, 36% of the total, or $1.42 million, was the direct result of lost business.
How is CIAM Different from IAM?
Many companies have an identity and access management (IAM) solution for their workforce, but employee IAM solutions often lack the features needed to deliver a great customer experience. Customer IAM includes:
Customer access has grown beyond web apps to include mobile, IoT, partner applications and more. CIAM enables unified customer profiles so that you can provide consistent multi-channel experiences and personalized interactions with your customers.
The increased scale and frequency of data breaches has left many organizations unsure of their ability to protect their most valuable customer data. CIAM solutions provide powerful security features extending from authentication to the data layer to reduce your risk of breach—and the subsequent loss of revenue, reputation and customer trust.
Performance and scalability
If you’re like many enterprises, the amount of data you’re collecting about each customer is increasing exponentially. You may also experience fluctuating customer demand due to seasonality or other reasons. CIAM allows you to deliver instant and frictionless access to customer-facing apps and services during peak usage times and as your customer base grows.
Privacy and regulatory compliance
Customers are sharing more and more information with organizations and their partners to make interactions easier and more personalized. But your customers’ concerns about data privacy haven’t lessened, and they expect you to be good stewards of their data. CIAM helps you demonstrate your security commitment by giving customers the ability to control how and with whom their data is shared. It also gives you the capabilities to enforce customer consent and comply with privacy regulations like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act of 2018 (CCPA) .
While your specific journey may look slightly different, the core stages are typically consistent, beginning with acquisition and retention. Here are the ways customer identity helps you deliver a smooth and secure journey, beginning with acquisition and retention.
Acquire and Retain Customers
A lot of money is spent getting new customers to interact with your brand for the first time. Their first impression starts with the registration process, making it a critical aspect to get right.
Registration is the pivotal point when you’re able to capture a new prospect. Customer identity helps you ensure they complete the process by:
Enabling convenient registration capabilities like social registration
Providing customized registration forms that are pixel-perfect representations of your brand
Ensuring registration is consistent for all apps
A streamlined registration process helps you minimize abandonment and maximize conversion rates.
After registration, customers must authenticate their identities to interact with your digital properties. If they have to use a different set of credentials for each application and can’t easily access what they want, they may walk away from your brand and straight into the arms of your competitors.
Customer identity lets you provide single sign-on so customers gain easy access to all applications—even partner apps that you don't own or apps in the cloud—with a single login screen and set of credentials. SSO with social login gives your customers the additional convenience of using their credentials from a social media provider like Facebook to authenticate. At the same time, customer-friendly MFA using SMS, email or push notifications from custom mobile apps to complete authentication ensures the sign-on process is both simple and secure.
With CIAM, you can provide the frictionless access your customers want, setting the stage for increased interaction, spending and loyalty.
Drive Loyalty & Revenue
Companies must focus on delivering convenient and consistent customer experiences across online channels to new and existing customers. CIAM provides brands with a holistic view of customers found in customer profiles, while providing customers with a better experience.
Your customers need the ability to access their data consistently across all channels. Even with SSO and a consistent sign-on experience for all apps, if you don’t have a centralized customer profile that syncs across all channels, customers will be frustrated. For example, imagine a customer updating their address in your web app, but ordering a product through your mobile app and having the product delivered to their old address.
Customer identity ensures that all applications have access to the same view of the customer. If a customer updates their information in one place, it’s updated everywhere.
To ensure a small problem doesn’t balloon into a major issue and a lost customer, you need the ability to quickly and effectively address support requests.
Support calls are typically frustrating and made worse by forcing customers to authenticate themselves multiple times, especially if they have been on hold for a long time. Using CIAM capabilities, your support reps can identify a logged-in support customer without requiring them to login again and address their issues more quickly.
As customers progress in their journey with your brand, may be interacting with multiple applications and channels that want to store different details about customers. Some examples include:
An ecommerce app wants to store information about the styles of clothing a customer prefers.
A pharmacy app wants to store whether a customer wants reminder notifications about prescription refills.
A loyalty app wants to store the types of rewards a customer is interested in.
Customer identity allows any app to store any data about a customer, from unstructured JSON objects to bespoke custom attributes. This data can be stored in a single unified customer profile, so any app can use data or preferences set in any other app to personalize a customer’s experience. With the benefit of CIAM capabilities, your various digital properties can offer meaningful upsell opportunities and deliver personalized, multi-channel customer experiences.
Build Customer Trust
Like loyalty, trust is something that’s built with your customers over time. You do this by giving them control over and visibility into their data and how it’s being used.
Privacy regulations like GDPR and CCPA impose steep fines on companies that fail to comply. But at their core, they exist to encourage companies to be good stewards of customer data. Customer identity plays a critical role in helping you protect the privacy of your customers’ data and build a foundation of trust with your customers.
Customer identity allows you to inspect customer consent and make sure it’s enforced. In the case of sharing emails, if the customer has specified that their email shouldn’t be shared with a partner app, the email address will be excluded when the app requests customer data. This type of enforcement ensures compliance with privacy regulations and also facilitates responsible open business. By giving you assurance that data is being shared based on consent, you can leverage open business to provide even better customer experiences and gain a leg up on your competition.
How does CIAM Protect
At every stage of the user journey, CIAM ensures customer data is protected and secure. The unique capabilities of customer identity help you strengthen security, while minimizing the likelihood of data breach and fraud.
Data breaches typically involve a bad actor gaining access to many customer records—often many millions of records. Those records may contain passwords, usernames, phone numbers, credit card numbers or other personally identifiable information (PII). Simply posing as a customer will usually not help a hacker successfully breach large amounts of data, because customers don’t have access to the data of other customers. Instead, these attacks are often performed by insiders or are due to inadvertent mistakes made by IT or development teams.
Customer identity helps you thwart breaches across several fronts:
It encrypts data so that even if a hacker gains access to it, the data is very difficult or impossible for them to use.
It alerts administrators of suspicious activity, such as an admin account gaining escalated privileges to customer data.
It makes log tampering evident, so an insider cannot cover their tracks when attempting to breach data.
It limits the amount of records an administrator can download so they’re unable to act quickly, giving you more time to detect the suspicious activity.
Unlike data breaches that are volume attacks, fraud attempts are typically directed at individual customers. A fraudster may gain access to customer credentials from a site that has been breached or through a phishing attack. They then try those credentials on high-value targets like banking websites. Since customers unfortunately are prone to sharing credentials across sites, the fraudster’s attempts are often successful.
The best defense against fraud is MFA. Multi-factor authentication goes beyond usernames and passwords, requiring an additional form of authentication to verify a user’s identity. Often this involves sending a push notification to a device that is linked to a customer’s account.
Sending push notifications from your custom mobile app through a customer identity mobile SDK is the most secure and convenient method of MFA. However, since you can’t force customers to download your mobile app, you must offer additional methods of MFA to ensure customers aren’t inconvenienced
To deliver ultimate convenience, you can enable adaptive authentication. Adaptive authentication is able to evaluate customer behavior, information from their device and other contextual factors. It uses this information in real-time to determine the level of risk involved and add MFA only when warranted. By limiting the need for additional authentication to higher risk scenarios such as logging in from a new device, you’re able to eliminate friction from risk-free transactions, streamlining the customer experience.
Fraud detection tools that use data collection and analysis to identify fraudulent behavior can also proactively stop fraud before it happens. By continuously collecting behavioral data throughout a user’s journey, such as navigation patterns, speed, scrolling and mouse movements, these tools can identify non-human trends or patterns of behaviors typical of humans engaging in fraudulent behavior. Best of all, you can identify fraudulent activity without inconveniencing actual customers.
CIAM: Your Competitive Advantage
Customers have a choice about doing business with you. If you're not meeting their experience expectations, or if they fear their data might be compromised, they can easily go to a competitor. On the other hand, when you’re able to delight them with seamless experiences and protect them through every stage of their journey, you’re able to acquire and retain more customers, drive increased revenue and loyalty, and earn their trust.
Customer identity includes multi-factor authentication (MFA) which adds a layer of protection to customer data if passwords have been compromised and hackers attempt to use those credentials to access an account. Adaptive MFA looks at contextual factors for anomalies, such as a risky IP address and extended time since last login, and increases authentication requirements. CIAM also allows you to keep customer data in a secure directory that encrypts data at every stage, to protect it from attacks, avoid data breaches and comply with regulations.
Can Social Logins be used with CIAM?
Yes. A company’s CIAM solution can be integrated with partner apps, including social media. Social logins streamline the registration process and reduce friction, leading to lower abandonment rates. Because customers do not need to take the time to create additional passwords or other credentials, brands can increase conversions and sales while lowering overall acquisition costs.
How does Personalization Improve the Customer Experience?
A customer identity and access management system gathers data along the customer journey. As the profile builds over time, customer preferences are available for your web and mobile apps along with partner apps. Learning about your customer allows you to customize your product offerings and communications. New information, like a change of address, is shared with apps using the customer profile.
How does CIAM Assist with Regulatory Compliance?
Privacy regulations like EU’s General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Health Insurance Portability and Accountability Act (HIPAA) exist to ensure consumer data is protected. Compliance may include: providing customers with a detailed report of the data you collected; allowing customers to use self-service to access their own data; and so on. CIAM gives your customers the ability to control how and where their data is shared. CIAM also gives your company the ability to enforce customer consent and comply with privacy regulations.