Customer Identity. It's everywhere in the identity market at the minute. It's almost as though the industry has spotted a new market and now wants to crush the sales sheet. It's not new. Organisations have needed Customer Identity since the first commercial websites stumbled online. Probably before that when e-commerce marketplaces first started. Actually, before that when people started buying things and stopped bartering.
There are plenty of posts about the differences between Workforce Identity and Customer Identity Access Management (CIAM), and they are all certainly correct, but I wanted to give my take on it from inside those CIAM projects.
Technically, there is no difference between the core requirements of Workforce and CIAM. It is still the same identity standards and protocols, securing access to applications and services that your customer wants to access. You still want access to be secure. You still want to remove friction from that access.
So, what is the difference?
The difference is in the target users, the importance of the user experience, the wider services that supplement and support your CIAM service and who in the organisation is interested in your identity service working properly.
A few examples to illustrate.
Workforce Identity Service
Standard stuff. Dan can do his job.
Who cares about it? Dan. Dan’s Manager. The IT Department. Potentially HR.
What services are involved? Okta. Google Sheets.
Customer Identity Service
Jenny logs into Big Corp's primary commercial web property with jenny2002@gmail.com. Big Corp uses a separate Okta service for CIAM, a solution called Customer Identity Cloud. The website shop.bigcorp.com supports OpenID Connect and Jenny is prompted for MFA. Standard CIAM stuff and Jenny can buy that new Big Corp laptop.
Who cares about it? Jenny. EVERYONE at Big Corp. This is their whole business.
What services, departments and stakeholders are involved? These...
Yes, that's deliberately obscured a little as I didn't want to give up all the hard-won insight without the reader making some effort. You get the idea though. The reach of Customer Identity is the whole business. The stakeholders in your CIAM service are many.
It's not just about having a pretty login screen.
If you're embarking on a CIAM project or you have a CIAM service that isn't delivering the goods, then come and talk to us. We know this stuff and we play with a straight bat.
We can also give you a pretty login screen. We have a product called Chameleon that allows full customisation of the UX for all user journeys, UI and notifications for CIAM on Okta. It was designed to hide the edges between your products and your identity service. Single or multiple brands across all your applications and services. If your brand is important, and it really is, then your CIAM service should reflect that top to bottom.
Can you spot the Chameleon?