Customer identity access management

This article has multiple issues. Please help or discuss these issues on the talk page. (Learn how and when to remove these template messages) This article may rely excessively on sources too closely associated with the subject, potentially preventing the article from being verifiable and neutral. Please help by replacing them with more appropriate citations to reliable, independent, third-party sources. (May 2018) (Learn how and when to remove this template message) This article needs additional citations for verification. Please help by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources:  –  ·  ·  · scholar · JSTOR (September 2019) (Learn how and when to remove this template message) (Learn how and when to remove this template message)

Customer (or consumer) identity and access management (CIAM) is a subset of the larger concept of identity access management (IAM) and is focused specifically on managing the identities of customers who need access to corporate websites, web portals and webshops.^[1][2] Instead of managing user accounts in every instance of a software application of a company, the identity is managed in a CIAM component, making reuse of the identity possible. The biggest differentiator between CIAM and regular (internal) IAM is that in CIAM the consumers of the service manage their own accounts and profile data. ^[3]

CIAM functionality[]

Generally speaking a CIAM environment serves the following purposes:

• Identity as a Service, for managing digital customer identities
• CRM (Customer Relationship Management), for managing user behaviour
• Consent Management for managing user consent in reference to Privacy

Identity as a Service[]

CIAM is a required component of modern user engagement allowing organizations to recognize unique customers and personalize their engagement based on collected personal preferences.

A single CIAM system can control access to multiple applications, using federation protocols to transfer the digital identity and access parameters to the different applications.

CIAM solutions are generally designed to scale to handle tens-of-millions of users or more in B2C environments. IAM is common in large organizations to control a wide scope of internal user access points ^[4] including computer hardware access, file and resource permissions, network access permissions, application access, and human resource needs.

In the simplest form, CIAM includes the registration and login processes that allow a customer to sign in and use a company’s application. More advanced systems can provide single sign-on (SSO), account and preference management, data tracking and reporting, multi-factor authentication, and user monitoring and management.

CRM[]

The digital identities managed by a CIAM solution are used to give access to different business applications, portals and webshops. Due to the fact that all these transactions are logged, the data can be used for profiling purposes. And transaction data can be correlated to the digital identities of the customers. The data can be seen as a relevant component of CRM systems.

Consent Management[]

Because of the nature of CIAM – user logging in, managing profiles, accessing services – CIAM solutions harvest a lot of personal information. Privacy laws, such as the GDPR in the European Union, hold CIAM providers accountable for processing this kind of data, hence the providers have taken steps to restrict the processing of these data by implementing Consent Management services. For every data element users can define whether a provider can process or transfer the personal data. For instance: a user can give or revoke consent to process transaction data for marketing purposes.

See also[]

• Digital identity
• Electronic authentication
• Federated identity
• Identity assurance
• Identity management
• Privacy by design
• Strong authentication

References[]