Consumer Identity and Access Management (CIAM) continues to be a fast-growing specialty within Identity and Access Management. Traditional Identity and Access Management (IAM) worked well for the enterprise with internally facing requirements to address their employees. Still, as organizations began reaching out to customers and gathering information about them using their products & services, they found that they needed to provide a better digital experience. CIAM solutions are designed to meet evolving technical requirements for businesses and other organizations that deal directly with consumers and citizens.
Consumer IAM systems provision, authenticate, authorize, collect and store identity and other information about consumers from many and sometimes unauthoritative sources. Improved user experience is often manifested through consumers' mobile devices or social networks and provides an easier onboarding experience. CIAM has also diverged from traditional IAM in supporting some baseline features for analyzing customer behavior and collecting consent for user data usage and integration into CRM, connected devices, and marketing automation systems.
Although CIAM provides many benefits to the consumer regarding user experience, there are challenges for the organization implementing a CIAM solution, such as customer identities may be orders of magnitude more numerous than the employee identities enterprises have been managing. Organizations also need to be concerned about privacy compliance such as GDPR or PSD2, as well as compliance with new and demanding anti-fraud and other regulations is required.
Given these challenges, there are also new opportunities created by CIAM: many enterprises plan to use the stream of rich customer data collected in these systems for marketing analyses.
Common features of Consumer IAM solutions include:
- Ability to scale customer identities magnitudes higher than traditional IAM
- Self-registration for customers
- Multi-factor authentication options
- Social login support
- Fine-grained access control to resources and data
- Risk adaptive authentication
- Native, or the inclusion of 3rd-party fraud and compromised credential intelligence
- Marketing analytics based on customer data, built-in or via interface to 3rd party products
- Privacy and consent management
- Enhanced user experience
- White-labeling with the client enterprise's brand
- Integration with IoT devices linked to customer identities
- Software-development kits (SDKs) for integration of Web and mobile apps with the CIAM infrastructure
In the IAM market in Japan, NRI SecureTechnologies offers its Uni-ID solution as a consumer-facing IAM (CIAM) product, supporting both B2C and B2B use cases. It was first developed in 2008 and rebranded and relaunched as Uni-ID Libra in mid-2017. NRI SecureTechnologies became a subsidiary of Nomura Research Institute (NRI) in 2000. NRI Secure was the first Japanese company to obtain an OpenID Connect Certification. With its headquarters in Tokyo, NRI Secure provides security consulting and solutions. Currently, NRI Secure claims 20-plus large Japanese automotive, financial, retail, media, and telecom customers with over 100 million consumer identities served by Uni-ID Libra.