What is Customer Identity and Access Management?

Every customer-facing application and service requires a Customer Identity and Access Management (CIAM) solution to enable secure onboarding and facilitate use.

CIAM refers to the systems that manage and secure customer identities, their access to an application or service, and what they are able to do within it. CIAM solutions provide businesses with the tools they need to onboard, authenticate, verify, and authorize customer identities across all digital interfaces.

There are different levels and access types, depending on the service and what the user is able to do. 

For example, some services only require authentication with basic credentials and single-factor sign-on. Others require identity verification, strong authentication, and authorization of actions such as payments.

Often, CIAM is thought of as just the doorway or gateway to services but this is a severe under-utilization of a powerful business asset that can drive significant value for both business and the end-user. 

Enabling the customer’s journey

An effective CIAM solution can help businesses acquire customers faster, deliver smooth user experiences, and facilitate safe and secure transactions, driving value for both business and the end-user.  

The issuance of unique credentials, access controls and identity workflows (such as signup and authentication) are well established and the race is on for lowest friction. 

What is less established is what happens after customers are onboarded. As the customer moves through your portfolio of services and applications, each interaction is facilitated in some way by your underlying CIAM system. Everything from how identity data is used by applications to authorization and payment facilitation is managed to some extent by the CIAM system. If you set it up strategically, you can unlock opportunities to drive value for your business.

Onboarding and authentication

The first touch for a customer is usually signing up or registering for an application or service. This requires the creation of credentials that will enable authentication as well as collection of necessary profile information to enable delivery of the service. 

Prioritizing a secure experience is paramount, with most services opting for high-assurance authentication with secure workflows including multi-factor authentication (MFA), biometric verification, verified credentials (third-party verification), and federated or single sign-on (SSO).

Your users already have extensive digital profiles, accounts and passwords resulting in a poor user experience and security vulnerabilities. You can reverse this trend and delight your users with low friction, seamless journeys, while still delivering on privacy and security. 

There is a lot of emphasis on this part of the customer journey, and many businesses stop here and hardcode any necessary authorization steps into the application. While this can be a fine solution for standalone applications, it is obstructive when you need to integrate or orchestrate access control within your ecosystem.


Authorization determines what users can see and do in a particular system. Implemented as authorization policies, it enables trusted identities to access digital assets based on appropriate assurance levels, attributes, metadata and real-time context. These controls are designed to protect resources from unauthorized access, while facilitating legitimate use.

Authorization has traditionally been thought of in the context of enterprise IAM (trusted users gaining access to restricted documents and systems). For customer-facing interfaces, however, authorization is a critical enabler of services and can be far more complex.

Not only does it ensure secure and appropriate access, but it can also drive a great experience with dynamic real-time decisions. The complexity and flexibility of modern software and services means we need granular, flexible access control for users. The more granular the control, the more closely the data reflects the real world and the more control a business has in managing access. But granular control policies can't be static; they need to be dynamic and responsive to changing context. Greater control means a more secure system and a more user-friendly experience.

Previously, authorization logic was built directly into the application, with all data used as part of the decision chain held within the app itself. For a business with more than one customer-facing application or service, this is instantly problematic, adding friction with siloed data.

Further, when authorization logic is baked in, you can’t leverage external information in the authorization policy, or leverage the data for further use cases, such as personalization. 

Modern applications utilize externalized authorization which decouples the authorization logic from the application itself. This allows the business to leverage other data, make faster decisions based on dynamic data points and orchestrate a consistent experience across services (with all systems using the same externalized authorization). 
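The decoupling described above, as an added example that is not IndyKite code or its API: two applications ask one shared decision function, which evaluates policies held as data against the user's assurance level and real-time context. The policy format, the assurance scale (1 to 3), and the action and attribute names are all assumptions made for illustration.

```python
import operator
from dataclasses import dataclass

OPS = {"<=": operator.le, "==": operator.eq, ">=": operator.ge}

# Constructed policy set, kept outside any application. Each rule names an
# action, the minimum assurance level (assumed scale: 1 = password, 2 = MFA,
# 3 = verified identity) and conditions on real-time context.
POLICIES = [
    {"action": "profile:read", "min_assurance": 1, "when": []},
    {"action": "payment:create", "min_assurance": 2,
     "when": [("amount", "<=", 500), ("known_device", "==", True)]},
    {"action": "payment:create", "min_assurance": 3, "when": []},
]

@dataclass(frozen=True)
class Decision:
    effect: str                  # "permit", "step_up" or "deny"
    required_assurance: int = 0

def _matches(rule, context):
    # A missing context attribute never satisfies a condition (fail closed).
    for attr, op, expected in rule["when"]:
        if attr not in context or not OPS[op](context[attr], expected):
            return False
    return True

def decide(subject, action, context, policies=POLICIES):
    """Policy decision point shared by every application."""
    applicable = [r for r in policies
                  if r["action"] == action and _matches(r, context)]
    if not applicable:
        return Decision("deny")              # no rule for the action: default deny
    needed = min(r["min_assurance"] for r in applicable)
    if subject["assurance"] >= needed:
        return Decision("permit", needed)
    return Decision("step_up", needed)       # ask for stronger authentication

# Two separate applications enforce the shared decision instead of local logic.
def web_shop_checkout(user, amount, known_device):
    return decide(user, "payment:create",
                  {"amount": amount, "known_device": known_device})

def mobile_app_profile(user):
    return decide(user, "profile:read", {})
```

Changing a threshold in `POLICIES` changes the outcome in both applications at once, and a `step_up` result lets the caller request stronger authentication rather than refuse the customer outright.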

Identity enabled actions

User data is a critical and core driver of modern industries. We see example after example of this being handled poorly, unethically and rarely to the advantage of users themselves. 

Industries have relied on third-party data and third-party tracking technologies to remain competitive, compromising the privacy of the user.

But with a privacy-by-design CIAM solution, one that anonymises data and places the user in control of how non-anonymised data is shared and used, you can protect your user and gain a competitive advantage. Identity data is rich with insight, and with the user in control you can capitalize on first-party data (data shared with you directly by the user) to drive personalized offers, cross-sell within your brand and with partners, and improve your products and services.

Combined with a powerful customer data strategy, you can use your CIAM data to drive growth in your business.
