How to Compare Digital Identity Providers for CIAM

Comparing and selecting digital identity providers for CIAM (customer identity and access management) is a daunting task. With the fast-paced nature of business and technology today, you need to ensure that you’re not only able to meet all your current requirements, but those to come. So, where to begin?

Select Digital Identity Providers for CIAM

As part of our Ultimate CIAM Buyer’s Guide, we’ve recently published a textbook-like paper called Evaluating Digital Identity Providers for Customer Identity and Access Management: Top Criteria, Differentiators, and Questions to Ask CIAM Providers. The paper starts with a review what a CIAM solution needs to be capable of doing in order to address today’s demands and trends, as well as those to come. These include:

• Personalizing customer experiences, building relationships and delivering omnichannel experiences
• Securing and connecting billions of customer and IoT identities and data
• Authenticating and authorizing billions of logins and transactions daily
• Facilitating security, analytics, privacy, and control
• Supporting and adhering to regulations (GDPR, HIPAA, Open Banking, PSD2)
• Integrating with other systems, such as marketing automation systems
• Easily scaling to meet demands and requirements
• Identifying and protecting against fraudulent or malicious activities

As the paper discusses, in order to achieve all of the above, a CIAM solution needs components that are beyond the basics of federated SSO, social registration and authentication, multi-factor authentication (MFA), authorization, self-service, and so on. 

For example, in order to comply with regulations such as the General Data Protection Regulation (GDPR), you need a CIAM solution that can allow users to control how their personal data is used and even request that it be deleted altogether. From a CIAM perspective, this is accomplished through a strategic component called Privacy by Design and Consent Mechanisms. 

Of course, when comparing and selecting a CIAM solution, you have to go further than just knowing what something is called. You need to know (1) why each CIAM component is important, (2) what’s needed to make it work, and (3) what questions you should ask CIAM providers about each component to ensure you’re covering all of your bases within your RFPs. 

For example, when evaluating CIAM providers for Privacy by Design and Consent Mechanisms, you should know that in order for them to work most effectively, they should be based on the UMA 2.0 standard and integrate with other software that helps meet regulatory requirements. Privacy by Design and Consent Mechanisms should also give users fine-grained controls to share and audit data about themselves, their devices and IoT ‘things’. Importantly, a Consent Receipt feature to track user consent is also mandatory for a compliance-ready CIAM solution. Additionally and importantly, the privacy and control mechanism user interface (UI) should be intuitive and friendly.

Therefore, based on the information above, the RFP questions you should ask CIAM providers for Privacy by Design and Consent Mechanisms include:

• Does the solution support a privacy and consent framework based on the UMA 2.0 standard? 
• Can the solution provide users with fine-grained controls to share and audit data about themselves, their devices and ‘things’? 
• Does the solution include a Consent Receipt feature?
• Does the solution support “the right to be forgotten” that adheres to regulations such as GDPR?

The details of what needs to be understood about each CIAM component in order to ask the right questions in your RFPs and, in the end, make a good purchase decision circles us back to the fact that selecting a CIAM solution provider is a very daunting task. 

This is precisely why we wrote Evaluating Digital Identity Providers for Customer Identity and Access Management: Top Criteria, Differentiators, and Questions to Ask CIAM Providers. It includes in-depth descriptions (written in layman’s terms) of the basic and strategic components needed for CIAM and why. Further, this paper includes RFP questions for each component, so you can be sure you cover all your bases when evaluating CIAM solution providers.

At ForgeRock, we believe in being a true partner throughout the journey of selecting a CIAM solution. If you’re in the process of evaluating Digital Identity Providers for CIAM, read this paper and please let us know how we can further assist.