iWelcome is now OneWelcome. Visit us at onewelcome.com

CIAM vs IAM: How do they work and what are the differences?

May 14, 2018 12:00:00 AM

In this blog, we tell you everything you need to know about classic IAM and CIAM, and about the shift that is taking place from Classic IAM to Consumer IAM solutions.

*Updated - July 2020

 Classic IAM - How does it work?

Almost all organisations have done something with IAM (Identity & Access Management). The last 2 decades and mainly driven by IT departments, organisations are initiating IAM projects to get B2E (Business to Employees) identities managed. Newly hired employees, partners and/or suppliers are to be engaged with the organisation with a clear and easy onboarding process. They should be able to start their first workday by authenticating and having the right authorisations for the set of applications and services they are supposed to use. Productivity is the keyword! This classical form of IAM is mainly about streamlining the lifecycle of an employee’s identity.

The transition from Classic IAM to CIAM

The last few years, however, a new form of IAM is trending: Consumer IAM or CIAM. Driven by business instead of IT departments, organisations launch CIAM projects to manage consumer identities in an optimal manner. Organisations want to communicate with consumers over multiple brands via different channels, in the most frictionless way possible and complying to all data protection and consumer privacy regulations. By doing that, they can collect consumer information which in turn helps them to effectively recognise and serve these customers. Consumer IAM is mainly aimed towards engaging with consumers and building trusted relationships. The classic IAM solution is not fit for this purpose

Why Classic IAM does not work anymore

First of all, today’s consumer authenticates himself on different places, like web portal apps and connected devices. A consumer could use his tablet to get connected with his energy company for a check on his personal data. Later, he could authenticate on his laptop to change personal settings and connect to his smart thermostat or other IoT devices. All these channels are used to get connected to the organisation. Until a few years ago, organisations used classic IAM to give the consumer this possibility resulting in slow operating results and poor digital user experiences.

Secondly, solutions should be scalable and easy to use. If an organisation starts a marketing campaign, the CIAM provider should be able to handle the load peaks and increased customer traffic. Also, user registration and data management processes must be as user-friendly as possible. Consumers expect a ‘frictionless journey’. If the provider is unable to offer this, consumers easily switch to a competitor.

CIAM is the future to drive your business

Let me use the ‘modern’ word ‘digital transformation’ in this blog (;-)) as you read it everywhere nowadays. CIAM is at the heart of digital transformation projects initiated by organisations. Not driven by IT, but driven by the commercial side (marketing, sales and other commercial departments) in an attempt to drive business. CIAM providers should be developer-oriented and their solutions ought to be user friendly. Developers should use RESTful APIs of the Consumer IAM provider to develop mobile-apps and other (web)portals to provide the consumer a better user experience.

A proper Consumer IAM solution allows for a better user experience with different forms of authentications, social login (e.g. Facebook and Google login) and progressive registration. It makes it easier for organisations to acquire consumers and build trusted relationships. Traditionally, classic IAM solutions do not necessarily need this user experience while the identity for the end-user (mainly employees) is already created and usable.

Data of consumers is voluntarily provided when a consumer registers himself. The right Consumer IAM solutions provide the functionality to let the user give consent to his data according to GDPR regulations in Europe, such as the right to erasure and the right to portability. The classic IAM retrieves that information from the HR system. Employees provides consent by nature of the employment agreement.

IAM vs. CIAM - 5 key differences

IAM vs. CIAM - 5 key differences

1. Focus user group

When it comes to CIAM vs IAM, these solutions are designed to be used by a different user group. Classic IAM is designed with the requirements for employees in mind, and Consumer IAM is designed to manage private persons/customers.

2. Characteristics

Looking at Consumer IAM vs Classic IAM, both solutions are different in their characteristics. For example, scalability: Classic IAM is designed for thousands of users; Consumer IAM is about millions. Onboarding is also very different. On top of that, Consumer IAM offers more advanced consent and user management.

3. Privacy

Privacy is one of the critical differences between CIAM and IAM. Within Classic IAM, consumer privacy is not a primary concern since staff provides consent by the nature of the employment agreement. When it comes to CIAM, privacy is essential, especially in Europe with GDPR enforced.

4. Things

When it comes to things that are connected to the solution, Classic IAM is less flexible than Consumer IAM. Within IAM, things are integrated within the workflow. Consumer IAM, on the other hand, can connect multiple things with a predisposition for exponential usage and user numbers growth.

5. Preferred delivery model

The fifth difference between CIAM and IAM is the delivery model. Classic IAM is often still embedded in on-premise infrastructure, with an option for cloud, while Consumer IAM is delivered as IDaaS.

In summary: Consumer IAM outbeats Classic IAM when it comes to serving customers

Consumer IAM solutions provide the correct balance between customer-experience, security and performance to the consumer where classic IAM provides the balance between security and correct authorisations. Consumer IAM contains features to support the new ‘look & feel’ of the organisation, social login integrations, multi-factor authentication, workflow registration, etc. for easily on-boarding new consumers. Where users of the classic IAM solution are already ‘in’ and using the solution, Consumer IAM platforms are built to boost conversion rates for onboarding ‘new’ customers.

Feel free to repost this blog on your website or social channels! But when you do so, please be so kind to mention the source and give us a notice via marketing@iwelcome.com.

You May Also Like

These Stories on ciam

No Comments Yet

Let us know what you think