KuppingerCole Report
Advisory Note
By John Tolbert

Consumer Identity and Access Management for “Know Your Customer”

Consumer Identity and Access Management systems and services provide new technical capabilities for organizations to know their customers better. Implementing CIAM can provide better user experiences, generate additional revenue, and enhance brand loyalty.

1 Management Summary

Consumer Identity and Access Management (CIAM) is a sub-genre of traditional Identity and Access Management (IAM) that has emerged in the last few yea ...

Login Get full Access

2 Highlights

  • Creating new ways to engage customers online is a mandatory business strategy.
  • Consumers want a pleasant digital journey when interacting with you ...
Login Get full Access

3 CIAM Components

CIAM services and systems share many characteristics with the more familiar IAM systems. Both types can provision users, store attributes about the u ...

Login Get full Access

3.1 Provisioning

The first encounter with a CIAM system is usually during the provisioning process. All CIAM systems allow users to create accounts with usernames and ...

Login Get full Access

3.2 Identity proofing

Identity proofing is the process of verifying a person’s identity and associating it with a digital credential. In the physical world, this often i ...

Login Get full Access

3.3 Identity repositories

IAM systems have long been built on the foundations of LDAP directories, derived from x.500. In order to scale to millions and even hundreds of milli ...

Login Get full Access

3.4 Authentication

Username/password is a standard authentication mechanism available in all CIAM products. Most users suffer from password fatigue and would prefer oth ...

Login Get full Access

3.5 Authorization and access control

Authorization in CIAM systems is largely dependent on varying authentication mechanisms via policy. CIAM tenant administrators can implement policies ...

Login Get full Access

3.6 User analytics

CIAM services are architected to collect potentially large volumes of data about individual users managed by the system. The data can be dissected an ...

Login Get full Access

3.7 APIs and OOTB integration kits

Most CIAM vendors have APIs that allow developers to dig into historical data to create highly customisable reports. It is also possible to integrate ...

Login Get full Access

3.8 Consumer generated content

The most robust CIAM vendors facilitate direct consumer engagement with the tenants’ implementation. Building upon the notion of online user forums ...

Login Get full Access

3.9 Consent management

Through registration to CIAM systems and subsequent usage of sites, consumers create a lot of data. While the information processed by these systems ...

Login Get full Access

4 Deployment considerations

Organizations contemplating deploying an identity and access management solution for consumers will need to consider a number of issues, including, cu ...

Login Get full Access

4.1 IAM or CIAM?

Most organizations already have an investment in IAM infrastructure today. Some IAM solutions are growing to meet the requirements imposed by marketi ...


Login Get full Access

4.2 Sponsorship and organizational structure

CIAM initiatives are sometimes driven by IT shops, but in other enterprises, we see Marketing departments making the initial push for solutions. Hist ...

Login Get full Access

4.3 Security

While there are numerous benefits to businesses that implement CIAM, tenants and operators of CIAM solutions must always be mindful of security risks ...

Login Get full Access

4.4 Privacy

The notion of consumer privacy, or the right of consumers to have control over which bits of their personal information that they share with service p ...

Login Get full Access

4.4.1 EU General Data Protection Regulation

The EU Commission adopted the General Data Protection Regulation (GDPR) on 27 April 2016, and it comes into force on 25 May 2018. The GDPR will harmo ...

Login Get full Access

4.4.2 User Managed Access (UMA)

UMA is a Kantara Initiative specification that defines a user consent protocol for allowing access to electronic resources, particularly consumer and ...

Login Get full Access

4.5 KYC

CIAM systems can provide an excellent means to Know Your Customer, as shown above. CIAM can generate detailed information on individuals and groups f ...

Login Get full Access

4.5.1 KYC for AML

KYC begins with identifying the customer and verifying their identity by vetting reliable and independent documents for the customer on-boarding proce ...

Login Get full Access

4.5.2 CIAM and KYC as competitive advantages in the post PSD2 world

Within 2 years of 25 November 2015, the Revised Directive on Payment Services (PSD2) comes into effect across the EU6. PSD2 defines the business en ...

Login Get full Access

5 Conclusions and Recommendations

Login Get full Access

5.1 Summary

CIAM can significantly improve your users’ experiences, add value, increase brand loyalty, and generate revenue. For businesses that need to intera ...

Login Get full Access

5.2 Recommendations for those contemplating a CIAM technology insertion

  • IT teams should welcome the opportunity to work with Sales and Marketing to transform IT into a revenue producing service.
  • Inventory existing IAM ...
Login Get full Access

5.3 Recommendations for CIAM tenants and operators

  • Exploit built-in reporting and analytics capabilities to their fullest to obtain maximum value.
  • Utilize APIs and 3rd party tools to extend functio ...
Login Get full Access

5.4 Recommendations for CIAM solution providers

  • Support UMA for consent management.
  • Accept FIDO UAF & U2F authentication.
  • Provide a rich set of adaptive authentication techniques.
  • Build in ...
Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.