Customer identity access management

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Customer (or consumer) identity and access management (CIAM) is a subset of the larger concept of identity access management (IAM) and is focused specifically on managing the identities of customers who need access to corporate websites, web portals and webshops.[1][2] Instead of managing user accounts in every instance of a software application of a company, the identity is managed in a CIAM component, making reuse of the identity possible. The biggest differentiator between CIAM and regular (internal) IAM is that in CIAM the consumers of the service manage their own accounts and profile data. [3]

CIAM functionality[edit]

Generally speaking a CIAM environment serves the following purposes:

  • Identity as a Service, for managing digital customer identities
  • CRM (Customer Relationship Management), for managing user behaviour
  • Consent Management for managing user consent in reference to Privacy

Identity as a Service[edit]

CIAM is a required component of modern user engagement allowing organizations to recognize unique customers and personalize their engagement based on collected personal preferences.

A single CIAM system can control access to multiple applications, using federation protocols to transfer the digital identity and access parameters to the different applications.

CIAM solutions are generally designed to scale to handle tens-of-millions of users or more in B2C environments. IAM is common in large organizations to control a wide scope of internal user access points [4] including computer hardware access, file and resource permissions, network access permissions, application access, and human resource needs.

In the simplest form, CIAM includes the registration and login processes that allow a customer to sign in and use a company’s application. More advanced systems can provide single sign-on (SSO), account and preference management, data tracking and reporting, multi-factor authentication, and user monitoring and management.


The digital identities managed by a CIAM solution are used to give access to different business applications, portals and webshops. Due to the fact that all these transactions are logged, the data can be used for profiling purposes. And transaction data can be correlated to the digital identities of the customers. The data can be seen as a relevant component of CRM systems.

Consent Management[edit]

Because of the nature of CIAM – user logging in, managing profiles, accessing services – CIAM solutions harvest a lot of personal information. Privacy laws, such as the GDPR in the European Union, hold CIAM providers accountable for processing this kind of data, hence the providers have taken steps to restrict the processing of these data by implementing Consent Management services. For every data element users can define whether a provider can process or transfer the personal data. For instance: a user can give or revoke consent to process transaction data for marketing purposes.

See also[edit]


  1. ^ "CIAM is a growing trend".
  2. ^ "Tech Support Trends for 2018".
  3. ^ "CIAM vs. IAM - Inversoft".
  4. ^ "Decoding Customer IAM (CIAM) vs. IAM". 7 July 2017.