An IAM solution for businesses (IAM) manages the identity of employees and their access to their organization’s services and applications. A Customer Identity & Access Management solution (CIAM) does much of the same, as its name implies, but has a focus on the consumers. The fundamental difference is that it is unlikely that an employee will switch jobs if the company’s solution is not user-friendly enough. On the other hand, a customer will not be as loyal if the experience does not meet their expectations.
Omnichannel
If you just have a single website, you can use the web application’s own user database to manage the customer data. Usernames and passwords are in this datastore together with the customer contact information. However, the needs become more demanding if the portal is composed of multiple applications and authentications.
The strongest driver for CIAM comes from the need for a consistent user experience across different channels.
For example, a customer who is in the store can log on to the store’s loyalty program via the app on the phone to see which items were purchased previously, or log on to the customer portal on the computer at home to redeem bonus points. The customer will expect a seamless user experience in that contact information and purchase history are the same, regardless of channel, hence the term omnichannel.
Shared login
In many cases, the technical infrastructure for the various channels will be different. The reason may be that the channels were launched or further developed at different times, and because the infrastructure for running an online store is often different from the one for APIs that the mobile apps usually interact with.
In a multi-channel situation, a CIAM solution ensures one common sign-in across channels and services and ensures that customer information is always up-to-date.
Publishing third-party services as a part of the channels, such as a cloud-based CRM solution, reinforces the needs for a CIAM. Additionally, corporations that own multiple retail chains may need to reuse customer information across the chains.
Personalized content
If a customer of an electronics store has recently purchased a refrigerator, it is not suitable that the store runs targeted campaigns on new refrigerators directed at customer. The purchase history should be used to avoid this. It is in the interests of both the store and the customer to be presented relevant, i.e. personalized, content – as long as there is customer consent to do so.
If the customer calls the store for a question regarding the delivery of the refrigerator, they expect the store representative to have the customer’s information at hand without the customer having to ecall and recite any relevant information, like the specifics of a given purchase (dates, models, etc). Customer support is also a channel. Thus, personalization is not just about being able to sell more, but also about meeting the customer properly and efficiently in all contexts.
Different systems will be involved to create a consistent experience in concert; the online store, CRM, the customer support system. The role of the CIAM solution is to link customer information across channels and systems.
Self-registration and login with existing identity
The most common way to register users in a CIAM context is for the consumer to do it themselves, either directly or by allowing the solution to do registration and login based on the customer’s existing identity from another platform. Of course, this requires that the CIAM solution can easily be integrated with other identity providers (IdP).
Meta identity is probably the most widespread example of external identity. When registering in the online store, the customer can be presented the opportunity to use their existing Meta account. Meta then provides authentication and confirms the identity of the customer for the online store. This is without a doubt a popular and user-friendly solution. Since the customer is probably already logged into Meta, logging in to the online store will not require further authentication. Also, this simplifies the first registration, because Meta can provide the basic user information, which therefore doesn’t have to be re-entered.
A consumer expects a quick and easy-to-use registration process. For example, in online stores, the registration of the customer is often postponed until late in the purchase process, i.e. at a time when the motivation for completing the registration is assumed to be high. Registration is put off until entering the payment process. A cumbersome registration process will cause the purchase to be canceled or simply abandoned. It doesn’t take many botches, especially in low-margin industries, before it is felt on the bottom line.
A CIAM solution must have a seamless and user-friendly registration.
Consent
Consent is required for customer portals and online stores. What are they, as caretakers of the customer’s data, allowed to do with the data? Does the customer accept receiving social media advertising, that the partners get the contact information, and that the data can be used for categorization and personalization of the customer? This requires explicit consent. The solution must balance the need for simplicity in the registration process against regulatory requirements for transparency and intelligibility. The customer must be able to understand what they agree to and must also be able to withdraw their consent without much fuss at a later date.
Handling and storing consent is a feature that can be added to CIAM.
The CIAM solutions that does not have this feature built-in must be complemented by a Consent Management Platform for handling this. Such a platform can usually serve multiple purposes. It can be used, for example, to track and analyze customer within the online store. Thus, there may be good reasons to use different tools for handling identity and consent, respectively.
Overview of all customer information storage
An important part of the GDPR deals with the right to be forgotten. If the customer requests it, the company must remove the customer from all customer registers, mailing lists and the like – except where statutory requirements such as the Accounting Act, must be met.
A CIAM solution will keep track of all customer information stored and will be able to coordinate that everything is deleted properly, thus ensuring a documented compliance with the Privacy Regulation.
Scalability
An IAM solution for businesses needs to be scaled to the size of the business organization. The size can be changed, but the change will not happen suddenly and without warning. However, an online store or loyalty program can run campaigns that generate significantly more traffic on very short notice. The CIAM solution must be able to scale and handle the increased load accordingly. This is usually comes with the platform when we look at cloud-based CIAM solutions, but not necessarily with an on-premise implementation.
