
What is Customer Identity and Access Management (CIAM)?

Businesses use Customer Identity and Access Management (CIAM) solutions to control access to public websites and digital properties. CIAM solutions make it easy for customers to sign up for and log on to online applications and services. They help protect data privacy and defend against identity theft and other types of fraud and abuse. And they allow customers to easily manage their account profiles and security settings on their own.

CIAM solutions make it easy for businesses to add user registration functions and robust identity management and access controls to customer-facing applications. They help companies improve customer experience, strengthen security, and improve compliance with data privacy mandates like GDPR.

CIAM solutions are typically delivered as cloud-based services, hosted and managed by a trusted third party for ultimate simplicity, agility, and scalability.

Key Customer Identity and Access Management Features

  • Multi-Factor Authentication – Most CIAM solutions support Multi-Factor Authentication (MFA) functionality to protect against user impersonation and credential theft. With MFA, a customer must present multiple forms of evidence to gain access to a website or online application, for example, a password and a one-time, short-lived SMS code. Modern CIAM solutions support AI-powered adaptive authentication methods, using contextual or behavioral analytics and administratively defined policies to determine which authentication factors to apply to a particular customer in a specific situation. For example, a customer accessing a web app from a trusted home computer might be required to enter a second authentication factor only once per day.
  • Single Sign-On – Most CIAM solutions support Single Sign-On (SSO) functionality to allow customers to access online applications and services using their social networking credentials, e.g., their Facebook, Google, or Microsoft login credentials. SSO improves customer satisfaction and customer retention by eliminating password sprawl and fatigue, and making it faster and easier for customers to access websites and apps. Leading CIAM solutions support a variety of standards-based federated identity management protocols such as SAML, OAuth, and OpenID Connect.
  • Self-Service Registration and Account Management – Most CIAM solutions allow customers to sign up for services, opt in and out of terms, and manage security and consent settings on their own. Customers can reset passwords, update account settings, or change communications or consent preferences without engaging customer service.
  • Centralized Customer Directory – Most CIAM solutions provide centralized directories and APIs for managing customer records and sharing data across sales, marketing, and business systems. They allow companies to collect customer information for analytics and business intelligence, while controlling how information is shared and used to ensure compliance with customer consent preferences and data privacy regulations.
  • Developer Tools and APIs – Most CIAM solutions provide SDKs, REST APIs and widgets that make it easy for businesses to embed customer authentication and authorization functionality into websites and online apps, and to create custom-branded login pages, deliver personalized customer experiences, and quickly enable social logins.
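
The adaptive authentication behavior described under Multi-Factor Authentication can be sketched as a policy function. This is an added example, not code from CyberArk or any CIAM product; `LoginContext`, `required_factors`, the 24-hour window, and the risk threshold are all hypothetical names and values chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Assumed policy values (constructed for this example).
MFA_REMEMBER_WINDOW = timedelta(hours=24)  # "only once per day" on a trusted device
RISK_STEP_UP_THRESHOLD = 0.7               # hypothetical behavioral-analytics cutoff


@dataclass
class LoginContext:
    device_trusted: bool                     # device the customer previously enrolled
    last_mfa_on_device: Optional[datetime]   # last successful second factor here
    risk_score: float                        # 0.0 (normal) .. 1.0 (highly anomalous)
    now: datetime


def required_factors(ctx: LoginContext) -> List[str]:
    """Return the authentication factors to demand for this login attempt."""
    step_up = ["password", "second_factor"]
    # Fail closed: an out-of-range or NaN score is treated as maximum risk.
    risk = ctx.risk_score if 0.0 <= ctx.risk_score <= 1.0 else 1.0
    if risk >= RISK_STEP_UP_THRESHOLD:
        return step_up                       # anomalous context overrides device trust
    if not ctx.device_trusted or ctx.last_mfa_on_device is None:
        return step_up                       # unknown device, or never verified on it
    age = ctx.now - ctx.last_mfa_on_device
    # A timestamp in the future means clock skew or tampering; do not honor it.
    if age < timedelta(0) or age >= MFA_REMEMBER_WINDOW:
        return step_up
    return ["password"]                      # trusted device, verified within the window


if __name__ == "__main__":
    now = datetime(2024, 1, 2, 12, 0, tzinfo=timezone.utc)  # constructed sample time
    samples = [
        LoginContext(True, now - timedelta(hours=3), 0.1, now),   # home PC, recent MFA
        LoginContext(True, now - timedelta(hours=25), 0.1, now),  # window expired
        LoginContext(False, None, 0.1, now),                      # new device
        LoginContext(True, now - timedelta(hours=3), 0.9, now),   # risky behavior
    ]
    for s in samples:
        print(s.device_trusted, s.risk_score, required_factors(s))
```

The checks are ordered so that a high risk score forces step-up even on a trusted device, and every ambiguous input (missing timestamp, future timestamp, invalid score) resolves to requiring the second factor.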

CIAM Solutions vs Traditional IAM Solutions

CIAM solutions are often compared to traditional Identity and Access Management (IAM) solutions. CIAM and IAM solutions both provide access controls, MFA functionality, and SSO capabilities to ensure strong security and improve user experiences. While similar in concept, in practice the two solutions are aimed at different audiences and address different functional and operating requirements.

Traditional IAM solutions are intended to authenticate and authorize employees and contractors accessing corporate applications and IT systems. They are engineered to support tens of thousands or hundreds of thousands of users. They are designed to work with enterprise directory services like Active Directory and to integrate with corporate HR and IT systems. And as a general rule they are not subject to rigorous data privacy and consent regulations like GDPR.

CIAM solutions, by contrast, are intended to authenticate and authorize customers accessing public-facing applications and services. They are engineered to support millions (or even billions) of users. They are designed to support social login and to integrate with a variety of sales, marketing, and business intelligence systems. And they are governed by strict data privacy and consent regulations like GDPR.
