According to an Optimizely report, Reimagining Commerce Report 2020, most consumers use six or more channels and two devices before making a purchase.
They research products on the brand’s website while multitasking on their laptop, check another retailer’s mobile app for in-store availability, then go to Amazon because they got an email about a deal or saw an ad on Instagram.
How do marketers keep track of their customers to have a single connected conversation and ultimately deliver a better experience?
Here is where Customer Identity and Access Management (CIAM) comes in — digitally pinning down individual customer data for further access and management through their journey.
This identity is formed using deterministic data collected from authenticated identifiers like logins, loyalty card numbers. CIAM helps integrate authentic and authorised data regarding customers into customer-facing applications, which may be used by multiple teams. If the user remains logged into a social media platform, a brand site, an email account, or any other online account, they can be recognised. This provides marketers with richer and more usable data about individual behavior and a clearer path to attribution.
For a customer, these solutions help in registration, self-service account management, consent and preference management, single sign-on (SSO) or multi-factor authentication (MFA). Customers want two things — brands to provide personalized experiences and protect them from fraud, breaches and privacy violations. The right identity solution can help brands deliver on both.
Evolution of Identity Management
CIAM is an evolved version of the Identity Access Management (IAM) system used for human resources in employee management. It established the concept of single sign-on (SSO), which allows users to sign on to all their applications and services with one set of credentials. It gives employees and customers one-click access and reduces the number of separate accounts and passwords they need to manage.
In contrast, Multi-factor Authentication (MFA) gives marketers or employers an assurance that users are who they say they are. It requires them to prove their identity by providing at least two pieces of evidence from two different categories. For example, a category called possession includes device signatures, passports, hardware devices containing a credential, private key.
The knowledge category refers to a password or PIN, inherence refers to a biometric characteristic and context includes behavior patterns or geo-location.
While IAMs were primarily concerned with the security aspect of access management, CIAMs work to provide unified customer profiles, create identity graphs that seek out patterns in behavior and connect with CRMs so marketers can offer personalised and consistent experiences across channels.
Post-pandemic, omnichannel marketing is part of the new normal that tops the chart of customers expectations. When choosing a CIAM for your business, ensure it is built for security, privacy, scalability, usability and API and integration.
Solutions providers include Bitium, Centrify, CyberArk, Covisint IoT Services, ForgeRock.
Here is how CIAM works behind the scenes:
This is the first step in a CIAM process. User registration allows brands to convert anonymous, casual website visitors to known, active, registered users. If the registration is too difficult, the customer will abandon the process, which will have a negative impact on the business. Ideally, organisations must provide users with multiple registration options, such as self-service registration or social registration.
Time is a crucial factor to determine whether the user will abandon the process mid-way. The individual’s identity must be validated before a user account is created. The most common identity-proofing technique is email verification.
Profiling must be progressive. That means that the organisation builds a comprehensive user profile over time. At the time of registration, a user account contains only a handful of attributes. Once the customer is more accustomed with the brand it can prompt the user for additional identity data, or add details such as usage and purchase history.
Apart from SSO and MFA, social login allows a user to access a third-party application without having to go through a new registration process. Here Facebook, Twitter, LinkedIn or Google authenticates the user and allows the CIAM system to capture the user’s identity attributes.
CIAM systems use a risk or fraud detection engine to choose the right authentication mechanisms and permit or deny access, or transaction completion.
Strong solutions provide centralized data access governance policies. This means that it allows consumers to provide granular preferences about how the brand uses and stores their data.
If you liked reading this, you might like our other stories