This real world implementation example describes the technical concept to build a CIAM implementation on a role based access control IAM tool. As for most data driven companies, IT backends provide data access for employees based on a granted role. In contrast, customer access rights need to be limited to their small data slice, based on their company, and their respective role in their company, or their individual data. It seems to be a good idea to reuse the same IAM tool for keeping employee and customer identities for the purpose of sharing investments, skills and resources. However CIAM requires different attributes for authorization, and IAM-Tools typically don’t provide a real time provisioning which is usually expected in the web environment. And standard IAM tools don’t provide any support for Login, resource protection, and interfaces to notify your CRM about customer activity in your portal.
Key Takeaways: