Users – Discover CIAM

Users are the lifeblood of your commercial success, so their safe, secure, and flexible management will help keep them happy.

The secure and flexible management of the various consumer communities — collectively referred to as Users — is a crucial aspect of any CIAM integration.

Hi, I’m Peter Fernandez, and as a CIAM expert, I want to share my experience building modern User management into modern applications.

Convenience is a byword in the user experience. However, users don’t just want easy access to the B2C/B2B SaaS solution you provide. They also want an approach that makes the whole process secure as well as friction-free. So, when it comes to things like resetting a (password) credential or providing an additional factor for Authentication, they want to do it in as safe and convenient a way as possible.

…and Control

In line with regulatory compliance policies (such as GDPR), your users will look for the ability to manage the data you hold about them — preferably in a self-service fashion, and preferably allowing them to automatically control consent to any information they no longer wish to share. Aside from the potential consequences of non-compliance, lack of control over their personal information could leave your users feeling unnecessarily vulnerable.

Data Care

Users naturally appreciate being treated with respect, and the care and consideration shown when dealing with their (personal) data invariably go a long way in supporting that. Arguably, it all starts with the first experience…so setting the standard in the sign-in or sign-up process is arguably the place to start.

Data Availability

Users need to know that the information they share, often of a personal nature, is treated with the utmost care. This means their (personal) data should be stored safely — or disposed of securely and in a controlled manner when no longer required — and is only available to authorized parties, and only when needed.

Account

An Account can be thought of as the overarching definition for a user and all their associated information. Implemented as an independent data record in a CIAM context, provides the flexibility for a wide variety of identity management opportunities, including Account Linking and the like.

Profile

Aside from the all-important personal details — such as a name, email address, and/or date of birth — delivering the user Profile as a discrete aspect of the user’s Account allows information, like metadata or personal preferences, to follow a user no matter how they log in to a system.

Credentials

Implementing discrete Credential record(s) supports UserID and Password as part of first-factor authentication in addition to the likes of Social and/or (Enterprise) Federation — especially in cases where a Password credential is not desired at all.

Build vs Buy vs DIY

You could build an in-house custom solution yourself…it’s certainly an option. Particularly if you have a team with the time, capacity, knowledge, and expertise to develop:

SSO,
Leverage OIDC and/or SAML for Authentication, Social and/or (Enterprise) Federation,
Implement Passwordless, Passkeys and/or MFA, with optional
OAuth 2.0 for API Authorization, as well as
Deploy and maintain Attack Protection.

The alternative is to integrate with a SaaS solution provided by one of the popular vendors, and the cost of subscribing to one of these typically depends on the features you use and the number of active consumer identities you have.

Build, Buy or DIY your CIAM Solution?

Click to read the blog post

With vendor-based CIAM, the cost is typically associated with the platform hosting the backend service(s) that deliver Authentication, Authorization, Management and Protection from attack.

With consumer-oriented SaaS, much of this infrastructure is already in place: cloud-based “compute”, database, network resources, etc., could be a necessity for your solution, and delivering these at scale may be something you also need to do.

Deploying a standards-based (open-source) DIY solution within your existing infrastructure might provide a more cost-effective approach, delivering secure and robust CIAM without the need to build everything yourself and with the added benefit of more flexibility and control.

Questions? Comments?
Feel free to reach out!

Convenience…