Customer Identity & Access Management

Considering how hip this domain is, I’ll have to admit that I don’t like the name Customer Identity & Access Management (CIAM). Almost makes it sound dull and boring. Call it what you may, though, CIAM is an integral part of managing customers’ digital journey . Whether you’re a Chief Digital Officer looking at transformation projects; a CIO looking to modernize your infrastructure; a COO looking to improve your company’s operations; a CISO concerned with data breaches; a Product Manager or Architect looking to build new products; or even a consumer who just wants to know what’s happening behind the scenes when you’re interacting with brands; you’ve got to learn what CIAM is. So let’s dive straight into it.

CIAM has been around for ages

As a concept, CIAM isn’t new at all. Recall the earliest website where you might have made an “account” years ago. Maybe it was your AOL account or your Yahoo! account or your Hotmail account. Fast-forward almost three decades, and now we have the more familiar Facebook account, Snapchat account, or even your LinkedIn account that you’re using to read this blog. All these “accounts” form the basis of customer identity and access management, where you (the customer) create your account to access some form of online service. Here is how this age-old process looks like, not just for sign-up, but all the way from sign-up, to someone using a service, and to finally either close the account or flourish into an advocate for this service:

Though the term wasn’t coined back then, it was CIAM features that allowed these online service providers to manage this process or lifecycle. Managing this process was somewhat easier back then – both for the users (consumers) and the brands offering those services. For consumers, there were barely 2 or 3 of such services to deal with, so remembering the username and password (user credentials) was pretty easy. For brands, the number of users weren’t significantly high, and even if they were, most users were very homogeneous due to the simplicity of online services being offered. This is why it was easy to build simplistic CIAM capabilities into those web applications. CIAM, therefore, existed without anyone even knowing that it did!

So why the hype now

A couple of decades later, the dynamics have changed drastically. Smartphones, apps, self-serving kiosks, ATM machines, wearable devices and the likes, as new channels of interaction; and the pervasiveness of the Internet (broadband, WiFi, LTE, 5G etc.) has much to contribute to that. The number of these online service providers (or in modern lingo “digitally native products”) has grown exponentially, paving the way for instant delivery of online or digital services. What does this mean for consumers and for the brands?

For Consumers

• There is now a fatigue of user credentials (usernames, passwords etc.) that consumers need to manage/remember because of the influx of digital services (which reminds me...I need to find that paper on which I wrote 20-30 of those credentials!)
• The notion of instant gratification/service means that consumers want to interact with brands where they want (on the phone, laptop, kiosk or even a brick and mortar store), and when they want (24 hours a day, 7 days a week, 365 days a year)
• Conversely, consumers don’t want brands to bombard them with communication anytime they please, if at all! User consent is important
• They expect brands to remember their preferences, not only for communication, but also to make their interaction a lot more personalized
• Consumers expect a uniform experience across multiple touchpoints. And this isn’t just true for digital interactions (through web, mobile etc.) like a streaming service. If a frequent flyer has provided their seating preference through the mobile app, they expect the airline staff at the airport to be already aware if she/he is checking in at the airport (you know you never want to mess with the Gold or Platinum members!)

For Brands (Enterprises)

• The number of consumers using online/digital channels has increased significantly. This is becoming an issue of scalability, availability and business continuity
• The number of channels where brands need to manage the interaction with their users has increased. Managing these multiple channels is not just crucial for better consumer experience, but also crucial from an operational efficiency angle. As the number of channels and touchpoints increase, the cost of customer service, and the management thereof, becomes important
• Speaking of cost and operational efficiency, managing customer interactions is much easier and cheaper for digitally native brands. Their whole business is built with ‘digital’ in mind. For incumbent businesses that are now transitioning to online channels as part of their digital transformation ; the cost to build those new customer experiences is significantly high because of complexities that come with it. These complexities transcend IT dependencies into cultural and mindset barriers for these incumbent businesses
• Technology itself is also a non-trivial factor. Modernization of the technology stack isn’t merely a good-to-have but a must-have initiative within enterprises. Many incumbent organizations are either retro-fitting modern technology on top of legacy systems or totally modernizing their technology stack altogether. This is exactly where a legacy, homegrown CIAM system falls flat! Legacy CIAM systems were just not built for the scale, speed and agility needed today

One other significant dynamic cuts across the consumer and enterprise realm – privacy and consent management. The influx of data gathered through these brand-consumer interactions creates its set of opportunities and dilemma (read in more detail in my blog Customer Identity – a dilemma, an opportunity ). Consumers expect all the benefits of digital interactions, but they also expect brands to fully respect their personal data’s privacy. Most regulatory bodies agree, and now enterprises must also adhere to multiple data privacy regulations to avoid the risk of hefty fines in the case of a data breach or even misuse of data.

These new dynamics aren’t just affecting a specific industry or segment. The business drivers might be nuanced, but every industry is experiencing these new realities. While the evolving consumer behavior is one of the key drivers, the onus for managing this new consumer-brand interaction and the onus for overcoming the subsequent obstacles for enabling those interactions lies with the enterprises. The following illustration gives an overview of the three core business drivers; and how different factors in different industry segments are motivating enterprises to look at modern CIAM solutions.

Incumbent businesses like banks, insurance companies, telecom operators might have very different motivations compared to a neobank, a Fintech or a digital telco, but they all need to rely on CIAM to build that unique, tailored and secure user experience for their constituency of users.

Here’s how

When you start looking at capabilities and features, it starts becoming familiar territory for those familiar with the Identity & Access Management for the workforce/employees. Before looking at features, think back about “CIAM” being a poor representation of this domain. CIAM solutions don’t just help you manage the identities of customers/consumers (B2C), but also partners, suppliers, agents, brokers, gig-workers or any external identity (B2B) for that matter! Though not an exhaustive list, here’s a list of few key features of a CIAM solution.

• Registration or On-Boarding: Allowing enterprises to build flows for managing and simplifying the on-boarding process of external identities
• Identity-proofing: Often intricately tied with Registration, identity proofing allows enterprises to make the process of on-boarding more secure, especially for highly regulated industries where KYC is an integral part of the registration process
• Single Sign-on or SSO (including social login): SSO helps avoid the password fatigue, allowing users to enter their credentials once and not having to re-enter it each time they’re using a new service. Many websites also use social login (e.g. login with Facebook, Gmail, Outlook etc.) as a mechanism for identity-proofing and SSO combined into one
• Multi-factor Authentication or MFA: MFA is increasingly becoming a very important capability to sign into a digital service that requires a higher level of assurance. A very common example is your bank sending you a code (OTP) as an added security measure for sensitive transactions
• Progressive Profiling: This allows enterprises to “progressively” gather more information about users to help serve their customer better. Rather than overloading customers with dozens of fields to fill out, CIAM allows enterprises to build flows to ask for the right information at the right time
• Preference Management: Enables enterprises to better manage the preferences of their users
• Consent Management: CIAM also allows enterprises to manage users’ consent, so as to better manage their privacy and also stay compliant to data privacy regulations
• Delegated Access: Allows enterprises to build scenarios for delegated access. Imagine a B2B example where an insurance company is delegating certain rights to its broker; or a B2C example where the family head might create child accounts for other members of the family and grant them access to specific content

There is so much more to a CIAM solution, but even this small subset of features can give you an indication of how CIAM is intricately tied with the whole user journey orchestration. It’ll also create doubts or questions. CIAM does hinge on the borderlines of workforce IAM, and also sometimes fills the gaps of a CRM (Customer Relationship Management) system. But let’s park that discussion for now. If you want to learn more about CIAM features, click the image below to learn more about the features offered by the OneWelcome Identity Platform.

CIAM is one of the fastest growing sub-segments in the broader Identity & Access Management space. It solves problems of scale, extensibility and availability that a legacy workforce IAM solution cannot address. It moves the static way of saving data in CRMs to a very dynamic and modern way of managing data and identity relationships that enrich analytics. But most importantly, it acts as a glue or an orchestrator between many different systems, making it an integral part of any transformation project that aims to reimagine consumer experience in the nascent digital ecosystem. I’d probably rename CIAM to CIO (Customer Identity Orchestration) to better reflect this capability, or even EIO (External Identity Orchestration), to better reflect the user constituencies it serves. While we take time to deliberate on that thought, I’ve recently seen our new OneWelcome colleagues rightly point out, CIAM is the cooler side of IAM! Maybe that’s what the ‘C’ should actually stand for – “Cooler” Identity & Access Management.

DISCLAIMER:?All the cool views presented in this post are my own, and do not necessarily reflect the views of my past or present employers.