CIAM stands for customer identity and access management.
Typically, CIAM takes the form of authentication software used with an organisation’s public-facing websites, apps and other digital services. This software seamlessly integrates with a company’s branded digital properties to provide powerful security and frictionless access. CIAM solutions and their associated features are key to meeting consumer demands for a unified experience, while reducing the risk of a data breach.
Identity and access management (IAM) typically deals with authentication and access within an organisation – for example, determining what happens in terms of changes to a user account and privileges when employees join, leave, or move roles within a company.
As opposed to IAM, customer identity and access management (CIAM) is outward-facing. It is also concerned with joining, moving, and leaving, but more usually in the sense of registering for an account, making changes to the account or the relationship (self-service account, consent and preference management), or asking to be removed.
The ‘C’ in CIAM does not mean, however, that the users who authenticate are always private individuals. They may be authenticating on behalf of a company or other organisation. In other words, CIAM addresses external authentication scenarios – both B2C and B2B.
With any website or other internet service which requires authentication, the norm in the past was to build the authentication into the website, using a back-end database to store credentials. Although this involves significant work at the start of the process, once up and running, it becomes part of the website ‘furniture’ – and it does not look like a useful candidate for outsourcing.
However, built-in website authentication almost always has all of the following problems:
From an end user perspective, the lack of SSO and social login can cause frustration – and rather than create new identities, a percentage of them will take their custom elsewhere. But even more concerning is the increased risk of a data breach with a legacy solution.
As a corollary to the above disadvantages of a home-grown authentication solution, CIAM features remove the friction from sign-up and sign in processes – and, critically, improve security.
Single sign-on (SSO) across multiple web applications means users do not have to create more than one account when dealing with an organisation’s multiple web-based services.
For the user’s identity and the organisation’s resources - with a range of security measures including multi-factor authentication, threat detection and password blacklists.
Customers expect anytime access to your services and resources - a CIAM solution needs to scale to demand to ensure the experience isn't compromised during times of peak usage.
In addition, most solutions available today will provide:
*Social login has become particularly prevalent and valuable in CIAM solutions – allowing customers to authenticate with popular social media providers, such as Facebook, rather than set-up yet another username and password. Keep in mind that if it’s an outsourced service, it’s more likely to provide new authentication-related features as they become available.
The end result is happy customers, who trust your organisation and stay loyal to your brand.
High availability solution touching 1.75 billion identities.
Open Source product for building your own IAM solutions.
Single sign-on (SSO) with easy app registration including SAML & OpenID.
Registration-as-a-service and social login.
Highly secure solution based on Microsoft’s Azure Active Directory.
In February 2019, it was reported that 617 million online account details had been stolen from 16 hacked websites – and were being sold on the dark web.
Microsoft Azure AD B2C (“B2C”) is a comprehensive CIAM solution, but its security features are particularly compelling – offering highly advanced threat protection based on machine learning from Microsoft’s security graph.
The authentication journey, hosted in the Microsoft cloud, will react to the level of threat posed by the user’s credentials – if the credentials have been compromised, the perceived threat level is elevated and appropriate actions (e.g. locking the user out) can be taken by the B2C framework.
Remove one of the weakest technological links in the struggle against cyber-crime. Understand:
AAD and B2C live in separate directories (called ‘tenants’). When you invite B2B guest users into your organisation, they live in your main AAD tenant, whereas B2C users have their own tenant that does not mix with your AAD organisation. In addition, B2B has an invite model and B2C a registration model. Finally, the B2B login journey is not highly customisable, whereas the B2C authentication-related journeys are highly customisable (see below).
Using Microsoft’s Identity Experience Framework (IEF), you can make calls to attribute validators and attribute providers as part of the user journey. An attribute validator can check that user-provided attributes are correct, while an attribute provider can insert additional attributes into the journey. But as custom components, they can also execute other actions to fulfil your requirements. Essentially, you can model the journeys to your exact process.
Yes, Microsoft Azure AD can be treated as another identity provider with B2C as a relying party.
Microsoft also provides sample code for mobile devices including iOS and Android.
B2C supports many identity providers out of the box, including Microsoft Accounts, Google, Facebook, LinkedIn, Amazon, Weibo, QQ, WeChat, Twitter, and GitHub. In addition, you can add a custom provider if it conforms to the OpenID Connect standard.
We can help you deliver a seamless and secure customer experience across your online services.See More
Bring Microsoft’s expertise in identity and access management to consumer-facing interactions.See More
Our online scorecard takes a couple of minutes and will provide:
Simply request a free Vision Call. We can help you with solution ideas, technology education, best practice advice and more.Request Vision Call
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.