What is a Customer Identity and Access Management solution?

A Customer Identity and Access Management (CIAM) solution provides you, the application vendor, with the means to create and manage online identities securely for your end-users. If you’re running a small website, this may not sound like a big deal, but if you sell a software product with tens or hundreds of thousands of users (or even millions!) a Customer Identity & Access Management solution can help protect your users and the service you offer from unwanted access.

A CIAM solution lets you control your end customers' access to your software applications: who is allowed to sign in, how they do it and what they can access once they’ve signed in.

Furthermore, CIAM allows you to manage those user identities once they have signed up. This article explores the main advantages and features of a good Customer Identity Access Management solution and how to use them to your advantage.

 
 

 

What is CIAM used for? 

A CIAM solution allows end-users to either self-register or be invited to join an online service, creating a user account that they can subsequently use to log in. To log in, the user provides their username and password; the Customer Identity & Access Management solution checks that the credentials are correct and then grants access to the application.

The great thing, if you’re an application developer, is that a CIAM solution can be used for authentication to any type of application that communicates over the internet, be it a web, mobile or desktop client application. CIAM is focused on any application that an end-user accesses in order to connect to remotely hosted services over the internet via HTTPS.

A CIAM implementation can offer a range of additional features to enhance or simplify the main authentication function. These can include:

 
 
Support for Social Sign-in, to allow users to sign in using an identity they already have and trust. For example, using your Google or Apple ID to sign in to an application.
 
 
Support for Single Sign-On (SSO). Most CIAM solutions are based on an Identity Provider, which allows a user to sign in once and, within the same session, access one or more applications without needing to sign in to each separately.
 
 

All market-leading CIAM providers use a similar, secure login flow – see the Google and Microsoft login pages below.

 
 
 
 
 
 

With a CIAM provider such as 10Duke, a simple and secure login flow can be implemented on a white-label basis.

See the example below, where 'Genius Company' would be replaced with your company's brand.

 
 
 
 

 

Key features of a Customer Identity Access Management solution

A CIAM solution can also include features to enhance the security of the authentication process, making it more secure for both the user and the application provider. These security features can include:

 
 

Two-Factor / Multi-Factor Authentication refers to the use of at least 2 factors to authenticate the end-user. This might be a text password and a one-time 6-digit code, a password and a smart card reader, a password and a smart key or any similar combination.


 
 

Identity Federation refers to a process in which the main Identity Provider in a CIAM solution delegates responsibility for authenticating the end-user to another authentication service/IdP, and then trusts this 3rd party’s authentication decision. This is what happens during the process of social sign-in, but most often federation is used to refer to a scenario in which the authentication decision is delegated to a corporate directory such as Active Directory (+ AD Federation Services). This is also sometimes referred to as “SAML SSO”.


 
 
 
 
Password security best practices include minimum password strength, password salting and password hashing, and passwords being stored separately from user names.
 
 
Communication between the application and the authentication service is secure, relying on industry-standard, tested, validated protocols and processes including SAML 2, OAuth 2. Getting this correct is difficult and a good CIAM provider should be able to provide good, clear, tested workflows that are secure.
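The password practices listed above (minimum strength, salting, hashing and storing passwords separately from user names) can be shown together in one short sketch. This is an added example, not 10Duke's implementation: the minimum length of 12, the scrypt parameters, the in-memory stores and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MIN_LENGTH = 12  # assumed policy value, not taken from the article
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1, "dklen": 32}

# Two separate stores (in production: separate tables or services).
# Only an opaque, random user_id links a profile to its credential.
profiles = {}      # user_id -> {"username": ...}
credentials = {}   # user_id -> (salt, password_hash)


def _hash(password: str, salt: bytes) -> bytes:
    """Slow, memory-hard hash of the password with its salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def register(username: str, password: str) -> str:
    if len(password) < MIN_LENGTH:
        raise ValueError(f"password must be at least {MIN_LENGTH} characters")
    if any(p["username"] == username for p in profiles.values()):
        raise ValueError("username already registered")
    user_id = secrets.token_hex(16)
    salt = secrets.token_bytes(16)   # fresh random salt for every password
    profiles[user_id] = {"username": username}
    credentials[user_id] = (salt, _hash(password, salt))
    return user_id


def verify(username: str, password: str) -> bool:
    user_id = next((uid for uid, p in profiles.items()
                    if p["username"] == username), None)
    if user_id is None:
        # Do the same amount of work for unknown users so response time
        # does not reveal which user names exist.
        _hash(password, b"\x00" * 16)
        return False
    salt, expected = credentials[user_id]
    return hmac.compare_digest(_hash(password, salt), expected)


if __name__ == "__main__":
    register("alice@example.test", "correct horse battery staple")
    print(verify("alice@example.test", "correct horse battery staple"))
    print(verify("alice@example.test", "not the right password"))
```

Because each password gets its own salt, two users who pick the same password end up with different stored hashes, and a leak of the credential store alone contains no user names.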
 
 
 
 

Controlling Access to a Software Product

Depending on your use case, type of application(s) and your preferred software monetization model, you may want to consider controlling access to your software product in a more dynamic and detailed way than what CIAM solutions are typically capable of.

Software licensing is about controlling access to a software product that you publish and sell so that only those who have paid for it can use it, in accordance with the license terms under which the software product is sold. The end goal is to monetize your software product as effectively as possible, by enforcing the license terms.

You might hear terms like access management, entitlement management or software licensing, but in a software product context they’re essentially all about the same thing – controlling customer access to a digital resource, whether that’s a web-based SaaS app, a desktop application, or a file, to ensure profitability.

What often happens is that software businesses attempt to control access to their product with tools that aren’t really made for that purpose, or they try to develop a licensing system in-house to solve that particular problem as quickly as possible.

Unfortunately, self-built licensing systems are rarely able to scale as the business grows, meaning lots of engineering resources are wasted on manual license admin and maintaining a system that was never ideal in the first place. As a result, you most likely have revenue leaking out, and you may not even be aware of it, or have ways to find out.

This is why any software business looking to grow faster should look into a dedicated, outsourced software licensing solution from a specialist like 10Duke.

 

10Duke Enterprise – One Solution for both CIAM and Software Licensing

10Duke Enterprise is a powerful cloud-based licensing solution designed for fast-growing software businesses looking to monetize their products better, that also has built-in Customer Identity and Access Management capabilities, enabling you to learn more about who actually uses your products and how.

10Duke is the only company in the market that offers both CIAM and software licensing, and the pioneer of the unique concept of Identity-based licensing, where licensing and customer identity management meet and work in tandem.

With the combined benefits of a dynamic license enforcement solution and its CIAM capabilities like SSO, federation and 2FA, 10Duke Enterprise is the go-to solution for software monetization.


 

 

Benefits of CIAM

Personalize end-user experiences with CIAM

As a CIAM solution stores user identities, it also offers the opportunity to utilize the data held in it, in order to personalize the online experience for the end-users. The more an application is able to present information that is directly relevant to the end-user the more valuable it will be.

With a capable Customer Identity Access Management solution, there should be a wealth of user attribute information available which can be used to personalize the information presented to the end-user.

Examples of this include:

  • Presenting new products to the end-user based on products that you know they already have purchased 
  • Showing promotions for conferences to the user to attend, based on an awareness of their current location
  • Showing support or training content in-app or via email, based on their recent purchase history.
 
 

 

User IDs managed easily with CIAM

Another critical aspect of a good Customer Identity Access Management solution is allowing the identity information of users (identities, permissions and properties) to be easily managed.

CIAM provides the ability to create and manage the information on users, either by means of the user self-registering and maintaining the information, the user being invited to the service initially and then asked to add any required personal information, or an administrator of the system administering information on users.

This may include: 

  • Standard user information, such as first name, last name, gender, age, location
  • A set of additional information, referred to as ‘profile attributes’, which includes information such as properties, age, gender, income, location, educational level
  • A profile can also then be automatically enhanced by the CIAM solution, which adds information to the user profile such as IP address, device type used to access the service, etc.
  • Allow the user to self-register and add personal information themselves
  • Change password

A successful CIAM implementation should easily allow the identity information that it stores to be shared as appropriate with connected systems. As user information is critical across a business, the data held in a CIAM system is normally shared with a variety of connected business systems.

This means that in implementing a Customer Identity Access Management solution decisions have to be made in regard to whether there is a single source of truth for customer data or whether customer data is held in multiple locations. A successful CIAM implementation requires a clear understanding of its role and responsibilities in regard to CRM, ERP and e-commerce solutions.

Ideally, you would have a single source of truth for everything, which helps ensure all systems are always in sync with no manual intervention needed.

 
 
 
 

A Centralised CIAM solution enables GDPR compliance

A successful CIAM implementation also provides the ability to ensure your compliance with GDPR, and other data regulations as easily as possible. Note that we're not saying 'provides compliance with GDPR'. The reality is that there are many views regarding how best to comply with GDPR. A CIAM implementation can offer the ability to centralize the storage and management of user information.

This same information is governed by GDPR and similar data regulations and your ability to comply with them is aided by the fact that it is centralized. A good Customer Identity Access Management solution can allow the end-user to 'self-serve' in managing permissions to their personal data and also even allow the user to revoke your permission to store their data. If stored centrally in a CIAM solution, compliance then becomes much easier.

This is a core consideration when thinking about how best to integrate a Customer Identity Access Management solution with a CRM, ERP or e-commerce solution. If there are several repositories of user information, it becomes more difficult to easily manage that user data and therefore comply with GDPR.

Overall, a good Customer Identity Access Management solution should offer you the flexibility to configure it as you wish in order to comply with GDPR as you prefer.

 
 
 
 

 

CIAM Solution helps with Access Management

One final key component of a good Customer Identity Access Management solution is the "Access Management" perspective. For simple web services this may be taken care of using RBAC (Role-based Access Control) in which each user is assigned a role within the system and their access to content or applications is defined by their assigned role.

In more sophisticated cases, particularly when it comes to more dynamic scenarios, access to any protected resource can be managed by a service like 10Duke Enterprise. Regardless of the means of implementation, any good CIAM solution will provide the means to control access to a protected resource for the end-user once they have been authenticated.

If you are an application developer and you’re looking for a solution to help you manage the online identities of your users, then a Customer Identity Access Management solution will provide you with several advantages, from reducing the attack surface you present to potential hackers, to making it easier for your users to sign up and sign in, to making it easier to utilise the identity information within your CRM or comply with GDPR.

 
 
 
 

 

Conclusion

A Customer Identity Access Management solution can help provide you with numerous benefits and if you are looking to find a way to better manage user identities, provide security and an enhanced experience for end-users then a CIAM solution is for you.

If you want to hit two birds with one stone, consider 10Duke Enterprise as your CIAM and software licensing solution to help you generate the most revenue, protect your customers and to offer them an improved user experience.

To learn more about what 10Duke Enterprise is capable of you can ask us questions or schedule a no-obligation Discovery Call.

 
 
 