
Decoding Customer IAM (CIAM) vs. IAM Okta

The world of Identity and Access Management (IAM) is rarely controversial. But today, there is a battle brewing in how we, as an industry, talk about customer-facing use cases for IAM. Many are starting to refer to this as Customer IAM or Consumer IAM, both abbreviated as CIAM. CIAM does have some unique requirements. But that does not mean that you must use a product that only focuses on CIAM. Okta’s approach is to offer a broad IAM cloud service with a strong foundational platform and functionality that enables CIAM use cases, which we believe is ultimately a better long-term choice.

  • Published: 22-04-2022

  • Related Category: IAM - Identity Access Management

  • Type of Content: Articles

  • Owner: Okta


First off, what is IAM or CIAM?

If you’re new to identity management software, here’s a quick primer. Wikipedia says it is “the security and business discipline that ‘enables the right individuals to access the right resources at the right times and for the right reasons.’” That is broad, and can cover almost everything in computing and IT.

For most apps, this looks like a database table that stores profiles and passwords. It might also have some permissions data. For more complex applications, or large-scale deployments, packaged IAM software might be used that adds security and has pre-built frameworks to manage much more complex authorization, potentially across many applications.

Generally, IAM software can do this for many different use cases, whether the users are employees and authorization is based on a role in the organization, or the users are customers and authorization is based on loyalty membership status. The latter scenario gets us into the world of Customer IAM, or CIAM.

What’s similar between CIAM and IAM?

In a nutshell, the answer is security, scalability, and high availability.

While it is certainly true that not all IAM solutions can handle the requirements for customer-facing (a.k.a. B2C) use cases, the core functional building blocks and protocols of IAM remain the same across areas like authentication, authorization, directory services and lifecycle management. A vendor that leverages a set of core IAM platform capabilities—such as OpenID Connect and OAuth support—across employee, contractor, partner, customer and consumer use cases can gain much more leverage than a vendor that is building proprietary technology to only serve one use case. Ultimately, that leverage leads to greater innovation and long-term success in the market—a long-term partner for your app development projects. You want to build on a foundation that is going to be around for the long haul.

IAM systems hold the keys to the kingdom, so regardless of the use case, the security of an IAM product is of paramount importance. The same security controls around an authentication or federation service apply regardless of whether the use case is employees federating to Office 365, customers federating to a support portal, or consumers federating between multiple hotel web properties of a large hospitality enterprise such as MGM Resorts International. Compromised employee accounts lead to hacking of internal systems, and compromised consumer accounts generally mean required public disclosure and a very bad PR day, even if you aren’t publicly listed.

With scalability, we start getting into areas where specialized CIAM vendors may claim there are unique requirements. It’s true in a way. If you compare a specialized CIAM cloud service to a legacy on-prem IAM product, then yeah, your CIAM service must be able to handle a single customer with 10s of millions of identities. Many legacy on-prem products, or even general Identity-as-a-Service (IDaaS) products, were not architected for that kind of scale. However, an IDaaS that serves all use cases and has thousands of customers with hundreds of millions of monthly authentications can easily scale to handle a new customer with millions of users. The argument here that CIAM is different becomes a moot point when your vendor is already running a multi-tenant cloud service at massive scale.

Finally, high availability is critical for all use cases. If your IAM is down, you can’t do business. Lost productivity of employees is enormous, but your eCommerce site going down means lost revenue. Again, a modern cloud service with extreme redundancy delivers the high availability needed for all use cases.
