A customer identity and access management (CIAM) system is a required component of a successful software application, whether you have a single webpage or a multi-channel site that spans multiple sites and devices. There are quite a few CIAM solutions to choose from, but which one is the best fit for your application? Use these tips to help narrow down your search, and then check out the comparisons below.
When you consider CIAM solutions, be sure to identify the most important use cases and security issues that apply to your business. Some solutions give you hundreds of features, even when you only need a few. (Unfortunately, you still have to pay for all those features you aren’t using.) Consider the following concepts as you compare CIAM solutions:
- On-premise, private cloud, or shared cloud – How much control do you need over where your data lives? Be sure to consider data privacy regulations, security concerns, and hosting costs.
- Single-tenant or multi-tenant – There are pros and cons to each approach, but which fits your application? Get more details on single- vs. multi-tenant solutions in this whitepaper.
- Ability to scale – How many users will you have? An application with a hundred users has very different needs from an application with millions. Plan for your expected size, and you won’t have to change solutions when your app suddenly goes viral.
- CIAM vs. IAM – Adding the CUSTOMER to identity and access management makes a big difference in how the system works. Which do you need? Learn the difference between CIAM and IAM here.
- Platform flexibility – What are your back-end hardware and software requirements? Pick a solution that fits your needs and will be maintainable within your development pipeline.
- Branding – Will your users care if they use a third-party branded login (e.g. Facebook, Google+) to use your site? Pick a solution that will maintain your users’ trust in your application, from login, to account management, to email communications.
Authorization and Authentication
- Devices and channels – Is your app accessed on a mobile device, desktop, watch, kiosk? Not all CIAM solutions support all devices, so ask before you buy.
- Individuals and groups – How will you organize your users? Some apps need to manage every single user, others can assign permissions and functionality as flexible groups. Determine how you need to assign roles and permissions, and select a solution that fits.
- Sign-up and verification – You should be able to verify and re-verify your users at different points during your application lifecycle to assign or revoke their authorization credentials. If not, your application will be vulnerable to common hacker exploits.
- Standards-based authorization – Identity management is not new, and there are powerful and secure standards like OAuth and OpenID Connect that are frequently tested, improved, and updated.
- MFA and SSO – If a site or service doesn’t have these, it is putting its users’ identities at risk. They are not serious about security and shouldn’t be trusted. Period.
- Ease of use – If a tool isn’t easy to use, no one will use it. Get a demo of the CIAM solutions you are considering and bring in a list of the common tasks you need to accomplish.
- Manage your users – A CIAM is a tool to help you manage a customer’s journey from the moment they register through every experience they have with your application. Make sure you can monitor their progress along the way.
- Reporting – User reports have been required to track the progress of every application since the first bit of software hit the internet. Look for reports like daily and monthly active users, logins and registrations at a minimum.
- Search and segmentation – If a customer account has an issue, can you find it to be able to help? User search shouldn’t be difficult, and being able to select similar groups of users will help you understand and improve their experience.
- Moderation, reward, and discipline – In an online world, it’s tempting to not follow the rules. Effective CIAM solutions are able to encourage positive behavior and discourage unwanted actions.
- Localization and language support – If you have a global audience, let them choose to be addressed in their own language in your communications.
- Character sets and password constraints – Advanced CIAM solutions are able to handle full Unicode character sets that don’t limit what can be used in a password. They also allow administrators the flexibility to adjust the password constraints to match their own security requirements.
- Flexible password hashing – For the best security, password hashing schemes should be flexible, updateable, and changeable without having to shut down the system or inconvenience the customer.
- Password assignment – Have you ever received a new password in a plain text email? That’s bad. Customers need to be able to select and change their own passwords without administrator intervention.
- Integration ability – No app lives in isolation. Modern CIAM solutions are able to connect and interact with outside systems with modern standards like webhooks and events.
- Migration tools – If you are considering moving from one solution to another, how will you get there? Ask what migration tools are available and how you get your existing users into the new system.
- Technical support – There are solutions available that are free to download and install, but if anything goes wrong you are on your own. Find a CIAM that gives you the level of support you need by phone, text, social and/or email.
- Custom feature development – CIAM solutions are designed to serve the general needs of a large set of clients. In reality, all of us are unique clients and have specific needs that can fall outside the standard service offering. (Burger King was built on this.) Choose a solution that will be able to work with your needs without forcing you to adjust your systems to fit theirs.
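To make the "Flexible password hashing" and "Character sets and password constraints" items above concrete, here is an added example (not Passport's code): each stored record names its hashing scheme, so a stale hash is upgraded on the next successful login without downtime or a forced reset. The scheme names, iteration counts and record format are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import unicodedata

# Hypothetical policy table: scheme name -> parameters (constructed values).
SCHEMES = {
    "pbkdf2-v1": {"iterations": 100_000},   # legacy records
    "pbkdf2-v2": {"iterations": 600_000},   # current policy
}
CURRENT = "pbkdf2-v2"

def _derive(scheme, password, salt):
    # NFKC-normalize so the same Unicode password typed on different
    # devices (composed vs. decomposed characters) hashes identically.
    pw = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", pw, salt, SCHEMES[scheme]["iterations"])

def hash_password(password, scheme=CURRENT):
    """Return a self-describing record: scheme$salt_hex$digest_hex."""
    salt = os.urandom(16)
    return f"{scheme}${salt.hex()}${_derive(scheme, password, salt).hex()}"

def verify_and_upgrade(password, stored):
    """Return (ok, record). On success with a stale scheme, record is a
    fresh hash under CURRENT that the caller should persist."""
    try:
        scheme, salt_hex, digest_hex = stored.split("$")
        salt, digest = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False, stored            # malformed record: reject
    if scheme not in SCHEMES:
        return False, stored            # unknown or retired scheme: reject
    candidate = _derive(scheme, password, salt)
    if not hmac.compare_digest(candidate, digest):   # constant-time compare
        return False, stored
    if scheme != CURRENT:
        return True, hash_password(password)         # transparent upgrade
    return True, stored

if __name__ == "__main__":
    legacy = hash_password("caf\u00e9 \U0001F511", scheme="pbkdf2-v1")
    ok, record = verify_and_upgrade("cafe\u0301 \U0001F511", legacy)
    print(ok, record.split("$")[0])
```

Changing the policy is then a matter of adding an entry to the table and moving `CURRENT`; existing users migrate as they log in.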
Comparisons of CIAM Solutions
Passport is a full-featured CIAM designed to manage identity and access needs of webscale applications. Built to solve the most common and complex challenges, it is one of the most flexible and secure CIAM solutions on the market. More than a login tool, we provide registration, data search, user segmentation and advanced user management across applications. Read the articles below to learn how it compares against these mass-market CIAM solutions, and contact us if you have any questions.
Learn More About Passport
If you just want to find out more about Passport and sign up for a free trial today, you can do that too. Right here.