Blurring the Boundaries between IAM and CIAM

Hi! As a follow-up to my presentation at Identiverse, I wanted to share my thoughts about the blurring boundaries between IAM and CIAM in this blog post.

In a world where the network boundary no longer ends at the corporate firewall, identity has become the central mechanism for securing, managing, and enabling experiences that help businesses work more directly—and more productively—with all their constituents: employees, vendors, suppliers, partners, and customers. Today, whatever relationship a person has with a business, they can connect to it anytime they want using the device of their choice and a wide range of SaaS applications. But this didn’t happen all at once.

When we dropped the boundaries around the corporate network, IAM solutions helped us manage employee access to resources and apps the same way we did when everything was on-premises. The increased flexibility and internal productivity of this model were so beneficial that employees wanted to work the same way with their business partners. 

At first, the only way to give partners access to apps, collaborative spaces, and business data securely was to create an organizational account for each partner employee. These accounts had to be managed and secured. Someone had to create each account, onboard the user, perform helpdesk tasks like resetting forgotten passwords, and retire unused accounts. With B2B IAM solutions, we can now support collaboration with less management burden by giving external users access to resources based on the work identity from their organization. 

This was a great step forward, but we also wanted ways to better engage with customers, particularly those using mobile devices. This meant publishing web and mobile apps with beautiful, tailored user experiences. But, as with B2B, allowing each consumer to create an account would increase the management burden. The business would also become responsible and liable for protecting customer accounts and the information associated with them. Customers, for their part, would have to keep track of another username and password.

CIAM solutions make it possible for consumers to use their social identities to sign up, set preferences, stay in contact, and make purchases. They not only reduce the management burden and liability for businesses, they enable powerful scenarios like using CRM systems to keep track of customer interactions and purchase behavior, which helps businesses improve products and services, target marketing more effectively, and customize offers.

Meeting people where they are: the next evolution in identity

Identity has made great progress. We now have solutions addressing the core business scenarios of making employees productive, collaborating with other organizations, and engaging with customers. But we’re now dealing with constraints and complexity because each of these solutions supports a different scenario with a different technology stack. Since IAM solutions for B2B are optimized for extending the employee experience to partners, they focus on security management, access management, lifecycle management, and built-in governance. CIAM solutions, which are optimized for enabling consumer engagement, focus on customized, branded experiences that are largely self-service.

These separate solutions extend IAM capabilities, letting us recognize individuals to give them secure access to apps and information they need. Although they weren’t designed to work together, they’re more similar than most people realize. So, why keep them separate?

  • What if we want to make it easy for business partners to collaborate with our employees, but we want to support self-service, so we don’t have to be their helpdesk?
  • Can we set up a customized, branded portal that shows business partners all the resources they have access to in one place?
  • What if partners are too small to have an IT department? Can we let them sign in with their own email address or a social ID the same way we let consumers sign in with theirs?
  • What if partners do everything via phone apps and never use email? Can we let them sign in with their phone numbers?

Because the above scenarios mix components of IAM and CIAM solutions, customers get confused about which stack to adopt, and what they choose may not have everything they need. What if, instead of a different solution for each type of business relationship, we had a single solution that meets people where they are? In other words, what if the solution centered on the individual and all the types of relationships they may form with an organization?

When it comes to people and their relationships with a business, most don’t have a single role: employee, business partner, or customer. They may be a business partner in their work life and a customer in their consumer life. They should be able to sign into an experience using a single identity, select the appropriate role, and switch experiences by switching roles. 

Here’s how this could look:

  • Natasha engages with Woodgrove Title Insurance both as a real estate agent and as a homeowner.
  • She signs into the Woodgrove Title Insurance portal using her Gmail account as her username, which is also her Google ID.
  • When prompted to select her role, she selects Registered Agent.
  • She now sees the Woodgrove experience customized for the real estate broker she’s associated with, Fabrikam Residences. From a dropdown list, she can switch to her consumer role as a Home Protection Plus customer.
  • She then sees the Woodgrove experience that’s customized for consumers.

This is just one type of rich experience made possible by combining the collaboration functionality of IAM for B2B with the customized user journeys enabled by CIAM. Other possibilities include relationships with an organization that change over time. 

For example, individuals start their college careers as applicants. Once accepted, they become prospective students. Once they matriculate, they’re students, and once they graduate, they’re alumni. If they take graduate courses, they become students again. If they take a teaching assistant position as part of their graduate studies, they’re now students, alumni, and employees.

An individual interacts with their university in a different way in each of these roles. With a holistic external identities solution, the university can provide a custom experience designed for each of these relationships.

To enable such scenarios, we need an identity solution that meets people where they are. It must accept identities from many sources and allow organizations to build secure, customized user journeys and experiences based on the relationships they have with other organizations and individual people. The identity solution needs to be flexible, so it can accommodate the future.

Because the boundaries between the different relationships individuals have with organizations are blurring, the siloed solutions we have today aren’t flexible enough to carry us forward. Trying to fit individual people into an IAM or CIAM bucket just doesn’t work. We need to meet people where they are.

It is therefore a perfect time for you to evaluate if the identity journey in your organization meets people where they are!

For example:

  • Consider embracing Bring Your Own Identity (BYOI) if you’re still creating accounts for customers or allowing them to create accounts, as that adds business risk.
  • Make sure to deeply understand your branding needs and find a solution that is flexible.
  • Make sure you can partner with organizations of all sizes, from mom and pop shops to large businesses.
  • Offer intuitive, contextual experiences that help users understand what they’re doing and in what context they’re taking actions.

In short, are you meeting your users where they are?

I’m extremely excited about this vision! If you have scenarios that you’re trying to achieve in your transition towards digital transformation, I’d love to hear from you! Let’s talk!

Sangeeta Ranjit
Principal Program Manager
Microsoft Corporation
