What Is Customer Identity and Access Management (CIAM)?


CIAM Solutions

Customer identity and access management (CIAM) is a type of identity technology that allows organizations to manage customer identities, providing security and an enhanced experience. The primary purpose of CIAM is to help organizations deliver a great experience to customers and to protect their user data.

Digital transformation is changing everything about the way companies operate, and this includes the way they engage with customers. For online services providers seeking to capture the attention of consumers—retailers, media platforms, healthcare providers, financial institutions, public service agencies, and many others—it has become critically important to create offerings that surprise and delight customers, earn their trust, and keep them coming back.

CIAM is related to the well-known category of identity and access management (IAM) in that both solutions are designed to help organizations manage user identities as they access certain applications and data. But there are key differences. While the primary use case for enterprise IAM solutions is managing user identities and secure access for employees, partners, and contractors, as well as IoT devices and even APIs—the interfaces that allow applications to talk to one another—CIAM is specifically designed for enabling frictionless access to online services for consumers, which means it must address a range of challenges beyond those of managing "known" entities in which user access privileges are controlled by the organization.

CIAM technology goes well beyond user identity management and access control. At its best, it is a comprehensive, integrated system that also provides privacy protection, anti-fraud capabilities, and compliance features. And as CIAM collects data about customer behavior, the most advanced solutions use artificial intelligence (AI) and analytics, along with customer relationship management (CRM) functionality, to help companies deliver personalized digital experiences that improve customer interactions and that help to build brand preference and drive revenues.

CIAM can be delivered as a service from the public cloud, a private cloud, or hosted on-premises as self-managed software. Gartner, in its 2021 report Critical Capabilities for Access Management, observed that cloud delivery is the preferred model: "High availability, effective resiliency, reduced need for support staff and dynamic scalability of [access management] AM services have become far more important, resulting in SaaS being the dominant delivery model for AM."

CIAM AI + Orchestration Diagram: Marcitecture

CIAM: Better for Companies, Better for Customers

A CIAM solution can help organizations acquire customers faster, deliver frictionless user experiences, and protect customer data by ensuring a transparent and secure digital experience at every stage of the customer lifecycle. For example, during the acquisition and retention stage, companies using a CIAM solution can provide prospective customers with simplified registration and single sign-on (SSO) to quickly onboard them. As a part of the revenue and loyalty stage, companies can provide a fully personalized customer experience across their multi-channel environments—website, mobile, kiosk—to drive revenue and returned business. Finally, in the privacy and customer trust stage, organizations can provide customers with complete control over their user preferences, customer profiles, and data, thus adhering to privacy regulations.

Here are some of the ways that CIAM capabilities improve online experiences for customers:

Registration: CIAM simplifies the registration process, often through social login, which minimizes the information a customer must provide, and progressive profiling, which enables an organization to collect information based on what they already know about customers, rather than asking too much too soon, which can turn customers away.

Authentication: CIAM provides a wide choice of strong multifactor authentication options while delivering a seamless customer experience through mobile authentication, usernameless and passwordless authentication, single sign-on (SSO), and federation, which allows customers to move between trusted partner organizations without reauthenticating.

Authorization: Once consumer identity has been established, a CIAM will continually authorize access using adaptive authentication, which uses controls based on device, location, behavior, and more. When the risk is low, the customer will have a streamlined experience, which may include leaving and coming back, without having to sign in again and again. As certain factors change, the CIAM will add layers of security.

Self-Service: CIAM enables customers to perform a range of activities, such as profile data and preference management, password reset, help requests, and more. Personalization: CIAM enables companies to deliver a consistent and personalized omnichannel experience, which may include web, mobile, kiosk services, and other digital channels, using a centralized customer profile.

Privacy: CIAM helps a company adhere to privacy laws, including those in GDPR, CCPA, and other regulations, and nurture customer trust by enabling customers to manage their personal data, account profile, and privacy settings through a centralized portal.


Customer Experience Matters, CIAM Delivers

For organizations that provide online retail, financial services, healthcare, news, and other services, CIAM can be the secret to a smooth and seamless customer registration process, an excellent online experience, a secure engagement — perhaps a purchase or a subscription — and a happy customer that returns again and again. A poor experience, on the other hand, will often lead to customers abandoning their carts, and perhaps the online retailer, forever.

40 percent of consumers abandon onboarding processes when opening a new bank account for multiple reasons: an overly lengthy process, time-consuming authentication, and difficulty filling out forms.


Customer experience is a key differentiator for online businesses. Companies that invest in customer experience can expect to see increased revenues because customers are willing to pay more for a great experience. Similarly, positive experiences are key to customer loyalty—92% of organizations that invest in customer experience say they see an improvement in customer loyalty as a result of their efforts.

Increasingly, customers expect to be able to register new accounts using information from social media providers including Google, Facebook, LinkedIn, Amazon, and others. A CIAM solution should allow such support to simplify the registration process for customers. With CIAM's single sign-on (SSO) capabilities, customers can access all of a company's properties with one set of credentials.

People expect easy and convenient online shopping that's secure, private, efficient and smooth, even when they're using multiple devices. They want ads and promotions that speak to their wants, needs and lifestyles. And, increasingly, they want control of their personal information. Using a CIAM solution helps businesses meet these needs without having to build the features themselves.


How CIAM Secures Customer Data

Consumers entrust companies with personally identifiable information (PII) that may include their email and home addresses, phone number, and credit card information—not to mention their shopping or reading habits. A data breach in which customer information is exposed can be devastating and costly to the company not only in terms of fines, but in terms of damage to the company's reputation and loss of customer loyalty and trust. A Ponemon survey found that 65 percent of consumers indicated a data breach had caused them to lose trust in an organization and 27 percent discontinued their relationship with that company.

Fraud is a huge concern among online consumers, with online data breaches continuing to make headlines as they expose records by the billions. If a consumer's credentials are stolen in such a breach, and that consumer (like so many) uses the same credentials for multiple sites, there's cause for concern that they can be used to access other accounts. In addition to MFA, which dramatically reduces the risk of a bad actor fraudulently gaining access to a customer's account, CIAM can incorporate third-party anti-fraud technologies, behavioral biometrics, and identity-proofing solutions to minimize risk.

CIAM also secures customers' personal data via encryption, whether the data is "at rest" (stored in a database) or "in transit" (moving from one location to another, such as from a consumer's browser across the internet to a cloud destination). Even if the data was intercepted, it would be of no use to a cybercriminal.

CIAM is Key to Regulatory Compliance

Data privacy laws dictate how companies can collect, store, and share data about their customers. Under GDPR and CCPA, for example, organizations must provide users, upon request, with copies of their data along with a record of how that data is being used. CIAM can help companies stay in compliance using privacy and consent management capabilities, as well as data protection controls such as encryption and data isolation for multitenant environments.

For global and regional compliance, it is imperative that CIAM includes Privacy by Design and Consent Management mechanisms, based on the UMA 2.0 standard, as well as offer integrations with other software that help meet regulatory requirements. Such mechanisms provide users with fine-grained controls to share and audit data about themselves and their devices. A Consent Receipt feature to track user consent is also mandatory for a compliance-ready digital identity platform.

How do CIAM and IAM differ?

One of the major differences between CIAM and IAM is scalability. Unlike workforce identity solutions that support thousands of entities (employees and partners) who require fairly static access to a pre-assigned list of applications, CIAM must be able to scale to accommodate millions of users — often during dramatic spikes in traffic, such as on peak shopping days or during major sporting events. A CIAM platform must be massively scalable and highly available, spanning multiple data centers, hosting platforms, and geographies.

"Customers seek a CIAM vendor with a proven track record of serving tens of millions of customers with its CIAM solution; they also want vendors to provide sizing guides and performance guarantees under peak loads, including documented response times for new user registration, user self-service, and login procedures."

– Forrester, "The Forrester Wave: Customer Identity And Access Management, Q4 2022

Download Report

Related Products & Solutions

ForgeRock Access Management

Deliver exceptional experiences and no-compromise security for your consumers

ForgeRock Identity Management

Simplify and automate identity management to improve enterprise-wide security and boost growth and operational efficiency.

ForgeRock Identity Cloud

The only identity cloud purpose-built for enterprise.