Customer IAM & Consumer IAM
Understanding the difference between IAM and CIAM
Identity & Access Management (IAM) and CIAM (Customer IAM) are architected for two very different purposes. Traditional, or Employee IAM is designed to provide access control and role management for internal users such as employees. CIAM is designed to provide access control and management for external users, such as customers, APIs or devices.
|Fewer users||>||Potentially millions of users (scalability)|
|SSO to enterprise apps||>||SSO to customer facing apps|
|Many identity silos||>||Centralised identity data store|
|Single enterprise user identity||>||Supports many 3rd party identities|
|Security essential, convenience ‘nice to have’||>||Security and Convenience both essential|
|GUI focus||>||Identity API focus|
|Internal compliance driven||>||External regulation (GDPR, PSD2) driven|
|Led by IT||>||Led by Developers building customer apps|
The Ubisecure Identity Platform has been used to deploy CIAM solutions throughout Europe. Find out more.
20% – 30% Increase in Sales & Marketing
On a yearly base 20-30% of customer data becomes invalidated in your CRM as end users change roles or move organisations. Sales Reps are unable to keep up with change efficiently.
To combat degredation of data, a user within your customer’s organisation is delegated as the identity data administrator. Instead of your sales reps trying to keep up with changes in their customer organisation, the new administrative user in you customer organisation takes care of that.
The delegated administration model ensures that customer data is always accurate. You can better target your existing customers with relevant marketing campaigns and you’ll free up sales rep time.
Phenomenal Customer Experience and Journey
With Ubisecure Identity Platform you can build an ecosystem where your customers and partners can use their own corporate identities to login into your services. After a simple registration and linking of the customer data the users of your online services can simply Single Sign-On (SSO) from their corporate network to your services as properly authorised representatives of their organisation.
The comprehensive standard support ensures that you can link all your applications and services under the IAM umbrella. The support for modern web SSO standards also makes it possible to create a unified identity strategy across channels from mobile apps to applications to things or devices.
The access privileges to your online services depend on the valid contract between your customer and your organisation. If this contract becomes invalid (for whatever reason), the access to your online services should cease. The time it takes to close all access privileges across all of your systems by the IT administration can take days.
When using the Ubisecure Identity Platform you will tie the access privileges to the CRM contract information. Once the contract expires, the platform will automatically revoke access privileges.
Another aspect of security is protecting your confidential assets. Some services may include information or have transaction capabilities that can be considered sensitive or of high-value. The Ubisecure Identity Platform comes with a wide range of supported authentication methods from mobile to biometrics.
To protect your data, you can deploy multi-factor authentication where needed – and only where needed. The multitude of supported authentication methods mean that you can select exactly the right kind of user identity verification for all of your assets.
Compliance to Regulation
Two of the most impactful regulations are the 2018 European General Data Protection Regulation (GDPR) and Payment Services Directive 2 (PSD2). The Ubisecure Identity Platform can make it easier to comply to this new European wide regulations by helping organisations comply to the data management, strong authentication and API protection requirements in the directives.
CIAM For Consumer Services
Capture and Convert
One of the biggest reasons for cart or form abandonment is the registration requirement (conversion). The ability to tap into external 3rd party databases for identity attribute information can make the registration a breeze for the visitor. Ubisecure Identity Server can be linked to these repositories to smooth out the conversion process and considerably increase your conversion rates.
Social media identities offer the visitors an easy way to login. An alternative is to use other prevalent identifiers such as bank IDs, national IDs or mobile phone numbers. The Ubisecure Identity Platform can be connected to mobile network operators that can offer valid identity attributes and these can be used to prefill the fields in the registration forms, or completely automate the process. During this process the active user consent can be collected making sure your services are compliant with e.g. the new European General Data Protection Regulation (GDPR) requirements.
Return of the Customer
Once you have converted a visitor into a customer ensuring they return for new services / products is essential. The key to achieving return visits is to offer an exceptional online experience.
Customers return when they can easily use something that they already had when they registered. Social media identities are good for this purpose. Facebook, Google, VKontakte or LinkedIn cover well over 1 billion people with tremendous purchasing power. For larger transaction and services where better security or identity assurance is required you can deploy any of the strong identity or multi-factor methods supported by Ubisecure Identity Platform in just minutes.
Privacy by Design – GDPR
One of the biggest drivers to achieving privacy by design is embodied in the European General Data Protection Regulation (GDPR). Identity Management technology plays a key role helping organisations with online services to comply with this (and other) regulations.
Centralised identity management systems with a self-service user interfaces makes it easier to:
- Let customers validate and modify their own information (control)
- Gather active consent from the users and letting them manage the consents they’ve given
- Ensure that when personal data attributes are transferred internally or to external services through federation, only the absolute minimum of the data is sent to the receiving party
- Comply to the GDPR regulation “right for erasure” and / or transferring their account data
Building services that honour privacy will benefit both the customer and the service provider. Customers will trust services that offer better control over identity data. A trustworthy service will have better conversion and return rates. At the same time companies can create cost savings by enabling more self-services for their customers.