UMM. Just use it!

As an IT Architect, I was asked to introduce my customer to the concept of a unified IT component, which could manage users’ identity and privileges in a distributed IT environment. The issue was that the component should handle not only employees’ data, which is gathered in a standard recruitment process, but also that of partners, contractors, and customers, who are also system users.

What is CIAM?

With an explosion of online devices (IoT) and higher customer expectations for security and privacy, companies must find ways to ensure their customers can engage with their applications or services at any time, from any device, securely and safely. This is where Customer Identity and Access Management (CIAM) comes in. CIAM allows for adaptive, customer-friendly access to resources with proofed identity, security, and scalability.

Figure 1 CIAM pillars

CIAM is necessary for public-facing applications that require users to register identities and create accounts. The trend of CIAM adoption is driven by a variety of use cases, including targeted marketing to increase revenue, authentication of customers to enable single sign-on, providing a better user experience, and regulatory compliance. CIAM software helps organizations to manage customer data securely and efficiently, including customers’ identity and activity.

With it, customers no longer need to register an account or otherwise provide information to use every brand touchpoint (such as apps, websites, and help desk portals). The software needs to offer a single view of the entire customer base and each customer’s IoT environment. Such a solution encourages customers to use the software more often, which creates more opportunities to sell.

Figure 2 CIAM trends

CIAM as a public-facing IAM

CIAM, as a subset of the larger concept of identity access management (IAM), focuses on managing the identities of customers who need access to corporate websites, web portals, and e-commerce. Instead of managing user accounts in every instance of a company’s software applications, the identity is managed in a centralized CIAM component, which makes reuse of the identity possible. The core functional building blocks and protocols of IAM and CIAM remain the same across areas like authentication, authorization, directory services, and lifecycle management. On the other hand, customer-facing IAM requires more flexibility in authentication and a simpler authorization model. Also significant are a higher scalability requirement and additional diligence for compliance with regulations such as GDPR, which governs users’ privacy in the EU.

Figure 3 CIAM vs IAM features

Key CIAM features additionally include self-service for registration, password and consent management, profile management, reporting and analytics (i.e. for marketing purposes), APIs and SDKs for mobile applications, and social identity registration and login.

The idea of omnichannel and improved customer experience leads to developing new features that can leverage new business opportunities. Adaptive access should recognize dynamic identifiers such as a customer’s location, device, IP address, and other vendor-gathered data. For instance, customers using a new device to log in to a sensitive app are prompted for MFA. On the other hand, customers logging in using a previously registered mobile device can use passwordless authentication, resulting in improved security and better usability.
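The adaptive-access decision described above, sketched as an added example (not code from UMM or any vendor named in this article). The class names, the two-anomaly step-up threshold and the sample profile are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class CustomerProfile:
    registered_devices: set = field(default_factory=set)  # device IDs enrolled earlier
    usual_countries: set = field(default_factory=set)     # countries seen on past logins
    usual_networks: list = field(default_factory=list)    # CIDR ranges seen on past logins

@dataclass
class LoginContext:
    device_id: str
    device_type: str   # "mobile", "desktop", ...
    country: str
    ip: str
    app_sensitive: bool

def required_authentication(profile, ctx):
    """Return (method, reasons); method is 'passwordless', 'password' or 'password+mfa'."""
    reasons = []
    known_device = ctx.device_id in profile.registered_devices
    if not known_device:
        reasons.append("new device")
    if ctx.country not in profile.usual_countries:
        reasons.append("unusual location")
    addr = ipaddress.ip_address(ctx.ip)
    if not any(addr in ipaddress.ip_network(n) for n in profile.usual_networks):
        reasons.append("unfamiliar IP")
    # Step up: new device on a sensitive app, or two or more anomalies (assumed threshold).
    if (not known_device and ctx.app_sensitive) or len(reasons) >= 2:
        return "password+mfa", reasons
    # Relax: previously registered mobile device and no anomalies at all.
    if known_device and ctx.device_type == "mobile" and not reasons:
        return "passwordless", reasons
    return "password", reasons

# Constructed sample data (documentation IP ranges, made-up device IDs).
SAMPLE_PROFILE = CustomerProfile({"phone-1"}, {"PL"}, ["203.0.113.0/24"])

if __name__ == "__main__":
    for ctx in (
        LoginContext("laptop-9", "desktop", "PL", "203.0.113.10", True),
        LoginContext("phone-1", "mobile", "PL", "203.0.113.10", True),
        LoginContext("phone-1", "mobile", "DE", "198.51.100.7", False),
    ):
        print(ctx.device_id, ctx.country, required_authentication(SAMPLE_PROFILE, ctx))
```

Returning the reasons alongside the method lets the login event be logged with the signals that triggered the step-up, which feeds the auditing and analytics functions the article lists.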

And Gartner says

The overlap between CIAM and other IAM deployments continues to grow. Important IAM requirements like identity lifecycles are increasingly required for CIAM use cases to combat malicious attackers. Auditing, reporting, and analytics for control are also important to tie CIAM deployments tightly to an organization’s security and DevOps processes. Further, common CIAM requirements around integration SDKs/APIs and self-service are now being used in IAM solutions for modern application development, as well as employees that have acquired consumer experience expectations. This single implementation of CIAM and IAM can offer operational efficiencies and should also adapt to the ever-changing needs of businesses and their users.

Gartner, in its reports (2019), lists the leaders of customer-facing access management solutions: Okta, Microsoft, Ping Identity, IBM.

Time to introduce UMM

Encouraged by UMM in the Zoetis case study, I decided to review this not-so-popular solution with respect to the market leaders listed above. I focused on well-known, common features introduced in most CIAM solutions.

common CIAM features | Microsoft Azure AD B2C | Okta Customer Identity | Ping Customer Identity | BlueSoft UMM
predefined registration forms
self-service for registration
password management
SSO
identity federation PingFederate
roles and groups Azure AD
MFA
rule and policies engine
consent and privacy management
profile generation and management
progressive profiling
authentication and authorization into applications
notifications Via RESTful
identity repositories
social identity registration and login
APIs and SDKs for mobile applications
ETL/bulk data sync
digital identity proofing
reporting and analytics Application Insight
Auditing/log manager
invitation mechanism as a custom policy
OpenID Connect, OAuth 2.0, and SAML support
API protection
delivery | cloud | cloud, on-premises | cloud, on-premises | cloud, on-premises

Based on the analysis results gathered in the table above, it is clear that all common features are covered by the UMM solution.

User Management Module (UMM) is a proven (at least two commercial use cases), highly available, easily adaptable CIAM solution that can be delivered in the cloud as well as on on-premises infrastructure. It allows secure and efficient integration with legacy systems. Its extensive rules engine shortens the time to market when adapting to business needs. At first glance, this is no less, and in some cases even more, than what the market leaders provide. What’s more, due to its rich feature portfolio, it can also be considered an IAM solution, which can bring a lot of benefits.


Consultation: Tomasz Nikiel
