ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

When does an Identity and Access Management (IAM) solution become a Customer Identity Management (CIM) solution?

Updated on January 25, 2017

Honestly, the title of this post is a sort of misnomer because frankly an enterprise Identity and Access Management (IAM) solution can never be turned into a whole consumer facing Customer Identity Management (CIM) solution. Many have failed trying. But, why? This is the question this post will attempt to answer by defining what each of these two are and why they are interchangeable.

What is Identity?

In the physical world, people are identified by their facial features by others who know them. For access to sensitive information and to prove identity in secured regions, people use identity cards issued most commonly by government authorities such as driver’s license, passport, general identity cards etc. Their purpose is to make sure the right person is allowed access to the right resources and at the same time prevent misuse by unscrupulous persons.

What is Digital Identity?

Digital identity is the Web translation of a physical identity card in the real world. Except that digital identities issued by no authority is accepted universally on the Web forcing people to create multiple identities for themselves as and when the need arises. But such a digital identity is only valid within the domain of the issuing website. For instance, a Gmail email address can only be used to access mails addressed to that Gmail id. And identity lifecycle begins with provisioning (creation of the identity) and then goes on to updating, use, maintenance and deprovisioning.

Access management
Access management | Source

What is Access?

Access is akin to a gatekeeping on a network. Publicly available resources like website content can be readily accessed by opening the website in a browser. But private network resources like emails can be accessed only after a successful login.

A successful login happens after a successful authentication. Authentication is the validation of the credentials of a person presented to the respective network. For instance, Gmail provides access to received emails only when the right email address and password combination is presented to the Gmail network through its login page. The next process is authorization which provides the authenticated identity access to the right resources based on the domain’s authorization protocols.

What is enterprise Identity and Access Management?

Identity and Access Management is the combination of all the above processes undertaken by one domain authority to provision identities, authenticate them, and authorize them to access network resources. Enterprise IAM solutions are usually employed within an enterprise where the network is relatively small and the identities are provisioned only for employees. The purpose is to create a coherent framework for employees to access resources at work and collaborate with other employees working in different locations of the enterprise. The main motive, however, of enterprise IAM architectures is to protect the network resources from unauthorized access. For instance, different levels of employees would have different levels of access to resources based on the authorization protocols. Access is defined by the person’s identity, roles and responsibilities. Security is a key focus and driving force behind the installation of an IAM solution at an enterprise.

What is Customer Identity Management?

Businesses often make the mistake of placing enterprise IAM and Customer Identity Management in the same territory. But rightly speaking they are two ends of a spectrum. Customer Identity Management is a consumer focussed architecture while enterprise IAM is a security focussed architecture. That alone brings a world of difference because it changes the entire orientation of the architecture necessitating the addition of several additional features that would otherwise be absent.

At the same time, it would also be wrong to say that security is not a driver for a Customer Identity Management system since security is equally important even in a consumer facing environment. But, at the basic level, Customer Identity Management solution has many aims both from the customer and implementing business’ perspectives.

Customer Perspective

From a customer perspective, a Customer Identity Management solution strives to provide a better customer experience (CX) through frictionless use, self management of profiles, ease of authentication products like Social Login and Single Sign-On, privacy and security for personal information entrusted with the business, a cross-device and a continuous cross-channel experience, geographical independence, highly available and responsive. The absence of even a single factor among the above contributes to a negative or bad CX which can potentially put off the customer resulting in revenue loss. The Web has added a layer of service across all businesses making the service and transaction (prior and post) experience as important as the product itself. Because most vendors have the products but it is how they sell and how they value their customers is what makes the difference. A Customer Identity Management solution is not just a repository of customer identities and credentials but a solution that enriches the brand-customer relationship.

Business Perspective

From the business perspective, the Customer Identity Management solution is aimed at producing a single view of every customer drawing from consumer data across different channels and devices which eventually also helps provide a unified CX for the customer. Additionally, the Customer Identity Management solution also helps in creating and nurturing the brand-customer relationship enabling provision of a personalized approach since each customer is identified as a single individual with a different set of traits and tastes. Not only this the the Customer Identity Management solution also works as a focal point for all the marketing, CMS, segmentation, CRM technologies businesses use to implement their marketing strategies.

How is enterprise IAM different from a Customer Identity Management solution?

Enterprise IAM and Customer Identity Management differ in the following ways:

Scale: Enterprise IAM is restricted to a distributed enterprise at best. But a Customer Identity Management solution is designed to serve a customer base irrespective of their geographic location making it truly distributed. A CIM solution is also designed to be truly scalable and dynamic in its database implementation to continually evolve and keep accepting new fields of consumer data.

Self-management: Enterprise IAM solutions don’t usually allow for self-management of profiles including provisioning, password recovery, deletion of accounts and so forth. All of these processes are carried out by the controlling administrator of the solution. However, in case of Customer Identity Management solutions, the using customer is allowed to perform all of these functions without waiting for permissions or access from the administrator.

Distributed Access: Enterprise IAM solutions are usually designed only to work from the designated workstations but definitely not aimed at implementing a cross device, cross channel interaction which is the case with a Customer Identity Management solution.

Why an enterprise IAM can’t be transformed into a Customer Identity Management solution?

Several businesses look at employing the shortcut of transforming an enterprise IAM into a CIM solution on the premise that both essentially provide the same functions of provisioning, authentication and authorization. Of course, these functions are at the heart of both the solutions but beyond the similarities are hard to find. Transforming an enterprise IAM into a Customer Identity Management solution would mean altering the entire architecture itself. As defined above, there are several defining functions in a CIM solution that an enterprise IAM solution doesn’t possess which means altering its architecture. Of course, businesses can also imagine of a situation where the same enterprise IAM solution is used to interact with customers (imagining they are employees). However, such an idea may also be futile again for the simple reasons that an enterprise IAM solution doesn’t provide the functionalities and extensions that a critical to establishing and nurturing relationships with customers.


    0 of 8192 characters used
    Post Comment

    No comments yet.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)