1 Introduction
Consumer Identity and Access Management (CIAM) is a sub-genre of traditional Identity and Access Management (IAM) that has emerged in the last few years to meet evolving business requirements. Many businesses and public sector organizations are finding that they must provide better digital experiences for and gather more information about the consumers who are using their services. Enterprises want to collect, store, and analyze data on consumers to create additional sales opportunities and increase brand loyalty. Know Your Customer (KYC) initiatives, particularly in the financial sector, are another example of the business driver motivating exploration and adoption of CIAM.
CIAM at first glance seems very much like Customer Relationship Management (CRM) software. However, it differs from CRM in that, with CRM systems, sales and marketing professionals are counted upon to enter the data about the contacts, prospects, and track the sales cycle. With CIAM, similar kinds of information can be collected, but the consumers themselves provide and maintain this information.
Traditional IAM systems are designed to provision, authenticate, authorize, and store information about employee users. User accounts are defined; users are assigned to groups; users receive role or attribute information from an authoritative source. They are generally deployed in an inward-facing way to serve a single enterprise. Over the last decade, many enterprises have found it necessary to also store information about business partners, suppliers, and customers in their own enterprise IAM systems, as collaborative development and e-commerce needs have dictated. Many organizations have built extensive identify federations to allow users from other domains to get authenticated and authorized to external resources. Traditional IAM scales in well-defined environments of hundreds of thousands of users.
Consumer IAM systems are designed to provision, authenticate, authorize, collect and store information about consumers from across many domains. Unlike regular IAM systems though, information about these consumers often arrives from many unauthoritative sources. CIAM systems generally feature weak password-based authentication, but also support social logins and other authentication methods. Information collected about consumers can be used for many different purposes, such as authorization to resources, or for analysis to support marketing campaigns, or Anti-Money Laundering (AML) initiatives. Moreover, CIAM systems must be able to manage millions of identities, and process potentially billions of logins and transactions per day. Having IAM systems dedicated to hosting consumer identities and their associated profiles is a good first step toward KYC.
SAP, the world’s 3rd largest software company headquartered in Germany, entered the cloud computing space 5 years ago and has quickly grown to offer numerous SaaS solutions. Accordingly, SAP has developed its own identity platform so that customers may integrate with their services: SAP HANA Cloud Platform Identity Authentication and SAP HANA Cloud Platform Identity Provisioning.