OneLogin is now a One Identity company. You may need to disable your browser’s popup blocker setting to be redirected.
If your browser does not automatically redirect you, please click here
Customer Identity and Access Management (CIAM) is a type of identity and access management (IAM) that integrates authentication and authorization into customer-facing applications. CIAM does three main things:
Customer identity management is an important security measure across businesses of all shapes and sizes. Breaches can get expensive very quickly, often making a substantial impact on the bottom line. According to IBM Security, 80% of breached organizations have stated that customer PII was compromised during the breach and on average the cost of breach is $150 per customer. CIAM solutions can be easily integrated with systems that control common customer tasks such as account self-management, bill paying, order tracking, and returns, reducing the risks associated with poor password hygiene.
Key benefits of CIAM include:
CIAM and IAM requirements are similar when it comes to scalability, security, and accessibility. Both must meet these three requirements to guarantee a great user experience, whether for internal employees or external customers. However, CIAM goes beyond the traditional IAM approach in the following ways:
|Limited users (10–100,000) with less capability to handle spikes in traffic||A CIAM portal must be able to support millions of users. It also has to be able to handle rapid spikes in traffic (volume and frequency). Use of the portal is unpredictable, but there will be peak times when many people are accessing your system at the same time, such as Black Friday, and your CIAM solution must be able to handle those peaks.|
|Single identity per user||Consumers can have multiple identities|
|Closed system||Highly accessible system available on any device with a consistent login experience no matter where the end-user is or what device they’re using.|
|Internal authentication with strict security policies||CIAM must be implemented in a way that keeps the barrier of entry low. Authentication with external sources like social providers (e.g., Google, LinkedIn) reduces friction by enabling passwordless authentication without compromising on security.|
|Employee access and profile data used for internal purposes||Customer data used to provide critical analytics around marketing, business decisions, security, and compliance.|
Consumers have to remember a lot of passwords, and good CIAM vendors know that customer identity management is important for the security of the individual and the company. Whether it’s their social media, online banking, or online streaming accounts, the number quickly adds up. As consumer services are breached around the world, hackers accumulate even more user credentials, which are sold and bought online to launch large-scale password stuffing attacks using extensive bot networks.
This puts consumers who reuse passwords at particular risk. With CIAM, you can give the consumer the option to add a second authentication factor or sign in with their social identity, which provides stronger protection against account takeover.
Customers are given access to a customized, secure login portal with an authentication requirement. This portal is managed by the IT department, which keeps all security software, checks, and protocols up to date behind the scenes, protecting against ever-increasing viruses and hackers.
In the past, companies only gave customers one option for signing in: username and password. Now that MFA is commonplace, applications often require two or more factors before granting users access. To ensure that adding MFA is not discouraging users from creating accounts or slowing down their experience, CIAM must be implemented in a way that keeps the barrier of entry low.
Adaptive authentication uses risk scoring to determine whether or not MFA is required at the time of login. The risk score is a calculation of the risk level at the time of login that determines whether or not the end user will be granted access or will require a second level of authentication. Location, time, and frequency are some of the criteria used to determine the risk score.
According to Gartner, CIAM is an essential component to building solid customer trust. In fact, by 2020, companies that implement digitally trustworthy customer solutions will generate 20 percent more online profit than those that do not. With a Trusted Customer Experiences™ solution, companies can build a strong foundation for customer identity, trust, and loyalty, while minimizing operating costs, maximizing revenue and retention, and optimizing the customer experience.
SmartFactor Authentication™ minimizes friction during the authentication process by increasing security when you need it and not when you don’t. CIAM helps you acquire more customers, create more customer interactions, and influence cross-sells so you can build trust and loyalty to increase revenue and customer retention.
Since the goal of CIAM solutions is to streamline the end user experience while maintaining robust security, the various use cases all serve those goals. Here are the most common CIAM use cases: - Improve customer login experiences across multiple platforms and apps - Offer easy identity resolution and password resets/retrievals - Provide a unified and coherent customer experience - Streamline a secure sign-in process that reduces abandonment rates - Improve overall security by avoiding poor password hygiene - Streamline user authentication - Enable social login - Offer scalable customer identity management - Ease the process of user migration off of legacy systems
Give customers the trusted experience they demand while providing the security that customer transactions require. One customer identity management solution for your many channels.Read More
Download this guideline to find the features you need in a CIAM solution to keep your customers and apps secure.Read More
Explore the history and conditions that led to the rise of CIAM in this three-part series.Read the Blog