Users are the lifeblood of your commercial success, so their safe, secure, and flexible management will help keep them happy.
The secure and flexible management of the various consumer communities — collectively referred to as Users — is a crucial aspect of any CIAM integration.
Hi, I’m Peter Fernandez, and as a CIAM expert, I want to share my experience building modern User management into modern applications.
Convenience…
Convenience is a byword in the user experience. However, users don’t just want easy access to the B2C/B2B SaaS solution you provide. They also want an approach that makes the whole process secure as well as friction-free. So, when it comes to things like resetting a (password) credential or providing an additional factor for Authentication, they want to do it in as safe and convenient a way as possible.
…and Control
In line with regulatory compliance policies (such as GDPR), your users will look for the ability to manage the data you hold about them — preferably in a self-service fashion, and preferably allowing them to automatically control consent to any information they no longer wish to share. Aside from the potential consequences of non-compliance, lack of control over their personal information could leave your users feeling unnecessarily vulnerable.
Data Care
Users naturally appreciate being treated with respect, and the care and consideration shown when dealing with their (personal) data invariably go a long way in supporting that. Arguably, it all starts with the first experience…so setting the standard in the sign-in or sign-up process is arguably the place to start.
Data Availability
Users need to know that the information they share, often of a personal nature, is treated with the utmost care. This means their (personal) data should be stored safely — or disposed of securely and in a controlled manner when no longer required — and is only available to authorized parties, and only when needed.
Account
An Account can be thought of as the overarching definition for a user and all their associated information. Implemented as an independent data record in a CIAM context, provides the flexibility for a wide variety of identity management opportunities, including Account Linking and the like.
Profile
Aside from the all-important personal details — such as a name, email address, and/or date of birth — delivering the user Profile as a discrete aspect of the user’s Account allows information, like metadata or personal preferences, to follow a user no matter how they log in to a system.
Credentials
Implementing discrete Credential record(s) supports UserID and Password as part of first-factor authentication in addition to the likes of Social and/or (Enterprise) Federation — especially in cases where a Password credential is not desired at all.
Buy vs DIY
You could build an in-house custom solution yourself…it’s certainly an option. Particularly if you have a team with the time, capacity, knowledge, and expertise to develop SSO; deploy and maintain Attack Protection; leverage OIDC and/or SAML for Authentication, Social and/or (Enterprise) Federation; implement Passwordless, Passkeys and/or MFA, and/or optionally OAuth 2.0 for API Authorization.
The alternative is to integrate with a SaaS solution provided by one of the popular vendors, and the cost of subscribing to one of these typically depends on the features you use and the number of active consumer identities you have.
With vendor-based CIAM the cost is typically associated with the platform hosting the backend service(s) that deliver Authentication, Authorization, Management and Protection from attack. With consumer-oriented software, much of this infrastructure is already in place: cloud-based “compute”, database, network resources, etc. could be a necessity for your solution, and delivering these at scale may be something you also need to do.
Deploying a standards-based open-source DIY solution within your existing infrastructure might provide a more cost-effective approach — delivering secure and robust CIAM without the need to build everything yourself and with the added benefit of more flexibility and control.
Got questions?
Feel free to reach out!
