5 Apr, 2022 | 3 min read

The next level of the CIAM journey towards digital transformation from Level 0/2

  • Dinali Dabarera
  • Senior Solutions Engineer - WSO2

Anybody interested in providing products and services to consumers dreams of building a start-up. For any entrepreneur who aspires to create a market-leading product, this is the first step. In the post-COVID pandemic era, you can easily start a digital business by simply creating a website. However, exposing all of your services and products on an internet platform has become a requirement, and you will not be able to survive in the market if you do not do so. As a result, you must consider digital transformation from the beginning, or at CIAM maturity level 0.

Every industry has its own requirements and attributes. For example, in the financial industry, reliability and security of transactions are a must. In the medical industry, privacy matters more than security. In the retail industry, scalability and usability are important because retail goods and services are consumed by people all over the world. Hence, it is really important to think about all these aspects when you start a business.

At present, all these start-ups and small businesses are starting from CIAM maturity level 2 or above. This is mainly due to the adoption of digitization after the pandemic. Every business should have a website or mobile app to connect to its customers and manage transactions. Also, all businesses are interconnected with each other. For example, a retail business should interconnect with financial institutions for monetary needs and with transport companies for deliveries and stock maintenance. All these businesses have their own systems and applications, which can connect to build a network of businesses. It is clear that, when starting your business, CIAM is a key component required to build a seamless and secure integration between your consumers and applications.


First, you need to identify the applications that you provide for consumers to access your services.

  • A web or mobile application where users can self-register, create an account, log in, and use your native or hybrid services
  • A CRM system and other internal applications that you use to manage the employees in your organization
  • Devices that are connected to your services

Next, you need to think about the number of users that you need to manage and how many parallel login requests you expect, along with monthly active users, for three consecutive years. This will help you understand the customer load that you expect on your digital platform within the next three years. This value can be estimated, but you should arrive at it after proper market analysis.

Once the above identification is completed, you can look into the technologies you have. If you do not have a proper tech team to build your applications and your system, then the best decision is to go for cloud solutions. There was a common myth in the good old days that cloud services are unreliable and insecure. This is no longer valid today, because now everything is on the cloud and the cloud is the most reliable, scalable, and secure platform available in the market. Other than that, cloud vendors provide additional services as well. They learn from their consumers' behaviors through their platform, and they share these insights with the customers who use their cloud platform. This helps businesses to learn from other businesses. These insights do not include any consumer data, because these cloud services must adhere to GDPR compliance and/or PSD2 compliance if needed.

For consumer applications, the easiest way is to buy a sample web app or mobile app from your business category and edit it for your purpose. There are plenty of websites where you can buy such applications. If not, you can talk to a freelancer and get it modified as per your requirements at a low cost.

Next, the harder part is how to add security to your consumer applications or devices. It is not a good idea to build backend systems and security modules by yourself, because there can be loopholes or vulnerabilities that you might not see unless you use industry best practices. Hence, it is ideal to use a standard identity and access management solution to cater to all the customer identity and access management requirements. This will help you meet the following objectives:

  • Consumers must have a secure platform to access your applications
  • Consumers will have a better user experience
  • Consumers should be able to self-register seamlessly via social logins
  • Consumers will have secure login options like passwordless, biometric authentication, MFA, and adaptive authentication
  • Consumers need to have a secure life-cycle management process
  • Your application and its flows will adhere to regulations like GDPR and CCPA
  • Support for heterogeneous standard protocols in the market for secure authentication, such as OpenID Connect, SAML 2.0, and FIDO2

Understanding all the above factors will help you select the right Customer Identity and Access Management solution to build the most secure and user-friendly digital platform to start up your business.

How to pick a better CIAM vendor to quickly go live with less cost?

  • Better to go for a Cloud CIAM vendor or an IDaaS solution
    • If you are a start-up or small-scale business, this is always a good option to consider, because the initial cost for design and implementation will be relatively low compared to an on-premise solution. After all, it provides out-of-the-box industry-standard features on a per-user basis.
    • If you are a medium or large-scale business looking for a proper CIAM solution to adhere to industry best practices, then it is better to go for an on-premise solution with resource usage-based pricing instead of paying per user.
  • Better to evaluate two or more CIAM vendors before purchase
    • Different CIAM vendors offer the same features, but their complexity levels could be different. Hence, it is always recommended to go for a developer-first product that provides a better experience for developers in addition to consumers.
    • Evaluating multiple vendors will provide a clear understanding of the roadmap (short term/next 3 months) of each product. This will help you get a picture of how your business journey will map to the CIAM vendor's product journey.
  • Make sure your minimum requirements are satisfied

Minimum CIAM capabilities that are required by any startup are as follows:

  • Single Sign-On/Logout
  • Self-registration 
  • Social Login
  • Password recovery facilities
  • Email/Mobile verification
  • Password Management
  • User profile management
  • Support for integration

Make sure any other complex requirements are satisfied by the package you select for the first year.

  • Select a vendor with fewer customization complexities

There can be use cases or business requirements that cannot be satisfied by the CIAM features provided out-of-the-box. If you have such requirements, it is better to choose a vendor who has more experience and flexibility in customizing. The vendor should provide more extension points to customize their basic flows, more SDKs and agents to support application integrations, and plugins for developer tools, and should be backed by an integration platform that will help in future integrations.

  • Select a vendor with flexible pricing and support facilities

If you are a start-up, it is better to select a vendor who is flexible enough to provide 24x7x365 support until you go live or even after that. The support and services of the selected vendor are really important for meeting your go-live deadlines.

If you consider the above checklist when you pick a vendor, you can easily find a proper CIAM vendor that covers all your CIAM needs at present as well as your future requirements.

WSO2 Identity Server and Asgardeo are two leading CIAM products in the market offered by WSO2. WSO2 Identity Server is ideal for customers who are looking for on-prem CIAM solutions that can be deployed in private clouds with enterprise-level support and flexible pricing models. It is more suited for large customers as it supports a core-based pricing model.

Asgardeo is the IDaaS solution provided by WSO2 which is more suited for start-ups and small-scale enterprises with no IAM solution. You can trial both products for free.