12 Nov, 2020 | 3 min read

Why CMOs Should Care About Customer IAM

  • Darshana Gunawardana
  • Associate Director/Architect - WSO2

Today, customer identity and access management (CIAM) is essential for any business. From a customer’s point of view, the right solution enhances digital experiences by providing significantly better onboarding, personalization, omnichannel experiences, and privacy controls. In this post, we look at CIAM capabilities within the context of a customer’s journey across the awareness, consideration, purchase, and service stages.

The awareness stage is the very first step where a customer interacts with a company’s brand. This is where customers get to know about the product or the service offered by the business, which may lead them to access the company website or content on other platforms such as social media.

At this stage, customer interactions typically occur at an anonymous level without sharing any user attribute. Therefore, the involvement of a CIAM solution will be minimal as no identity information is available. However, it’s important to make use of products such as web analytics to preserve customer interest, which can be beneficial at a later stage.

Figure 1: A typical website

At the consideration stage, customers will have more focused needs and they will show more engagement by downloading datasheets, following product demos\trials, etc. Typically, one or two customer attributes are captured at this level. Depending on the prominence of the attributes, this would be the starting point of representing the customer as a light user account in the CIAM system. These accounts do not have any credentials associated with them since customers have not gone through an onboarding process.

At this level, a CIAM product’s inbound and outbound provisioning capabilities play a key role. For example, let’s say a prospective customer downloads a catalog from a product website by providing their email; then, the website would create a light account in the CIAM system using a standard provisioning protocol like SCIM. Next, the CIAM solution will (outbound) provision that user account to different marketing tools (e.g., Hubspot), CRMs (Salesforce), or web analytics (Mixpanel).

Another interesting integration would be to correlate the light account with web analytics. This helps to obtain more insights about users, such as geolocation and what type of content they looked at during the awareness stage. These details can be used to provide more relevant, personalized information in the future.

The purchase stage is the level that receives the most amount of attention at many organizations. Depending on laws and regulations, it will be crucial to have verified user details. However, it’s important to ensure that the customer registration and onboarding process is simple and user-friendly.

Minimizing the mandatory information fields that you request from a customer helps significantly. This can be done by auto-filling information that is already associated with the light account. Another way to do this is by using progressive profiling so that the customer has to provide additional details only when they access a specific service that requires these details.

Having to maintain a large number of accounts\credentials is a major pain point from a customer’s perspective. The ability to bring your own ID (BYOID) helps to simplify the registration process. This will also help to reduce self-service or call center interactions in later stages as it will lessen the need of having to recover an account owing to misplaced or forgotten credential details.

Moreover, having direct integrations with identity verification services like Evident ID in the CIAM solution reduces the overhead of providing various documents or having to go through a manual process to verify customer information, such as proof of citizenship, insurance validity, etc.

The service stage is also a key stage for many consumer businesses. The user experience at this level determines whether existing customers become champions or detractors for the brand.

From a CIAM standpoint, users should have seamless access to any product or service they consume. If there are multiple services involved, basic things like the ability to consume both services with the same account and having SSO among multiple applications have become must-have capabilities. Strong authentication with additional factors is also a need when accessing sensitive applications. In addition, adaptive authentication also plays a key role to balance convenience over security. Having mechanisms like Captcha, account locking, and risk-based authentication gives more assurance to protect customers’ accounts from malicious parties.

Figure 2: Strong authenticators

This leads to another vital requirement: self-service. Customers should be able to update and review their privacy preferences, such as use different emails for different activities, change associated profile information, and update contact information.

At the same time, a user should be able to adjust their security profile by configuring recovery mechanisms and register trusted devices for login. With the advancement of privacy regulations across the world, modern businesses must also give users data portability and the ability to deregister.

Figure 3: A user self-care portal

During the service stage, a business might also go through changes, e.g., mergers and acquisitions of other brands, and these activities should not drastically impact the customer experience. The right CIAM solution can facilitate these moves in an incremental manner.

CIAM can even help initiatives such as loyalty programs, which aim to increase customer engagement. Loyal customers might opt for early access to new products and also give more accurate feedback, which can be utilized in A/B testing for product or service changes.

As a CIAM solution is well connected with every system involving the customer, it enables a company to generate enhanced and actionable behavioral data that can be used to predict and determine possible interests. Even during unprecedented times, this information helps to make better-informed decisions. A CIAM solution can help to quickly adapt with minimum interruptions.

Figure 4: An analytics dashboard of user logins

In conclusion, a CIAM product should have the following capabilities:

  • User onboarding and verification
  • User and attribute management
  • Strong and adaptive authentication
  • Privacy and consent management
  • Customer self-care services
  • Integration with business apps and tools
  • Analytics and fraud detection

Enhancing the customer experience is at the heart of digital transformation. Today’s increasingly sophisticated customers view digital interactions as the primary mechanism to interact with products and services and, consequently, expect deeper online relationships delivered simply, securely, and seamlessly. CIAM plays a vital role to connect applications and APIs to customers.



[1] https://searchcustomerexperience.techtarget.com/definition/customer-experience-management-CEM-or-CXM

[2] https://medium.facilelogin.com/what-is-customer-iam-ciam-9f3d74c9632a

[3] https://wso2.com/solutions/ciam/

[2] https://hbr.org/2007/02/understanding-customer-experience