Intelligent SME.tech Issue 51 | Page 42

// FEATURE //


FOR THOSE LESS FAMILIAR, CIAM IS A SPECIALISED APPLICATION OF IDENTITY MANAGEMENT FOCUSED ON MANAGING AND SECURING CUSTOMER IDENTITIES.
(BYOID) using social identifiers or email, mobile and username identifiers for basic identity verification. This approach is particularly common in scenarios like online shopping carts, food delivery services, streaming services and e-commerce platforms. However, for more sensitive applications such as banking, financial services, airline systems and government services, the verification process can include validating legal documents like passports, national IDs and driving licences. These processes may even incorporate Know Your Customer (KYC) protocols and integrate with device fingerprint services and biometric verification to prevent fraud.
For B2B companies, registration often involves the onboarding of entire organisations. This can be initiated through a sales-led approach, where an account manager facilitates interactions and negotiations, eventually triggering the provisioning of the organisation once the service agreement is finalised. This often includes invitation-based registration flows. The registration process must be user-friendly and straightforward while also ensuring security. When collecting valuable customer identity data, the onboarding process must be designed to avoid identity fraud, such as registration with synthetic or stolen identities. These factors must be carefully balanced, ensuring that the registration process aligns with security requirements and user experience expectations.
2. Authentication
Authentication is the second pillar of CIAM, ensuring that users possess the required credentials to access customer-facing applications. Strong authentication prevents account takeovers, password snooping and password stuffing, keeping unauthorised users out through robust authentication policies. In consumer-facing applications, providing single sign-on (SSO) and passwordless login options such as email links and mobile one-time passwords (OTPs) enhances the authentication experience.
Adaptive authentication, which steps up security based on situational risk factors such as attempting access from a new device, logging in from an unusual geographical location or after a prolonged period of inactivity, balances user experience with security needs. For high-value services like financial applications or government services, additional layers like biometric verification and liveness checks provide higher levels of assurance and meet regulatory demands for more stringent measures.
3. Authorisation and access management
Authorisation and access management define the rights and entitlements available to any authenticated user, application or device. Traditionally, authorisation has relied on role-based access control (RBAC). To address more fine-grained authorisation requirements, attribute-based access control (ABAC) models were developed. With modern requirements demanding even more fine-grained approaches, relationship-based access control (ReBAC) emerged, evaluating access based on the relationships between entities, with Google Docs being a prime example.
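As an added illustration of the ReBAC model described above (example code, not from the article or from any product), the following evaluator decides access by walking relationship tuples, modelled on document sharing: an owner of a folder can edit the documents in it, and a group's members inherit what the group was granted. The tuples, user names and schema rules are constructed for the example.

```python
from collections import defaultdict

# Constructed sample tuples (object, relation, subject). A subject ending in
# "#relation" is a userset: everyone holding that relation on that object.
TUPLES = [
    ("folder:finance", "owner", "user:alice"),
    ("folder:finance", "viewer", "group:auditors#member"),
    ("group:auditors", "member", "user:bob"),
    ("doc:q3-report", "parent", "folder:finance"),
    ("doc:q3-report", "editor", "user:carol"),
]

# Schema rules: a stronger relation implies the weaker one (owner > editor >
# viewer), and a document inherits viewer/editor from its parent folder.
IMPLIED_BY = {"viewer": ("editor",), "editor": ("owner",)}
INHERITED = {"viewer", "editor"}

def index(tuples):
    """Group subjects by (object, relation) for fast lookup."""
    idx = defaultdict(set)
    for obj, rel, subj in tuples:
        idx[(obj, rel)].add(subj)
    return idx

def check(idx, obj, relation, user, seen=None):
    """Return True if `user` holds `relation` on `obj` by walking the
    relationship graph: direct tuples, usersets, implied relations and
    parent-folder inheritance. `seen` stops cycles in the graph."""
    seen = set() if seen is None else seen
    if (obj, relation) in seen:
        return False
    seen.add((obj, relation))
    for subj in idx.get((obj, relation), ()):
        if subj == user:
            return True
        if "#" in subj:  # expand a userset such as group:auditors#member
            g_obj, g_rel = subj.split("#", 1)
            if check(idx, g_obj, g_rel, user, seen):
                return True
    for stronger in IMPLIED_BY.get(relation, ()):
        if check(idx, obj, stronger, user, seen):
            return True
    if obj.startswith("doc:") and relation in INHERITED:
        for parent in idx.get((obj, "parent"), ()):
            if check(idx, parent, relation, user, seen):
                return True
    return False

IDX = index(TUPLES)
```

Note that bob can view but not edit the report purely through his group membership on the folder, while alice edits it through folder ownership without any tuple naming the document: the decision comes from the relationship graph rather than from a role on the user.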
Regardless of the underlying model, authorisation in CIAM involves evaluating access rights and granting appropriate permissions to users, applications and devices. In consumer-facing applications, access rights often vary based on the user’s loyalty level. In B2B SaaS applications, they depend on roles and service subscription tiers. Additionally, access may be dynamically adjusted based on the user’s assurance level when accessing data or performing actions. For instance, an online