CIAM Beyond Access Management - Is Your CIAM Programme There Yet?

Featured Post

CIAM Beyond Access Management - Is Your CIAM Programme There Yet?

An important question to pose to the modern organisation is how mature is their Customer Identity and Access Management (CIAM) programme, and how do they plan to evolve it? Recently, we have seen a real desire from organisations to move beyond delivering the traditional CIAM requirements focused only on security to delivering a richer, more personalised experience for customers, across multiple touch points. In fact, 67% of the 200 UK and Ireland respondents who took part in a WSO2 and Vanson Bourne research study last year said they are utilising a CIAM platform. With this context in mind, it is a promising sign, therefore, that we have seen many existing and prospective CIAM customers seeing a fairly rapid evolution in maturity over the last year at WSO2.

So, what level do you think your organisation is at currently, and how can you strive for an optimised level of maturity? This article will showcase what leading customer-first organisations are currently accomplishing, which starts with thinking beyond access management.

Progressive profiling: Minimising the friction

Organisations are transforming their digital experiences at full speed. They are striving to provide the unified, multi-application experiences customers now expect. But these changes are accompanied by obstacles. Typically, these include how to:

  • Streamline user onboarding.
  • Reduce friction during the registration and login process.
  • Provide unified authentication across channels.
  • Manage identities and authentication for external B2B applications.

Most requirements organisations identify are focused on capabilities that simplify the user registration and login process for customers. Traditional CIAM solutions to simplify registration and login include tools like SSO, MFA, social login, and consent management. All of these are important but they are limited to access management or access control. Essentially, it’s all about seamlessly letting ‘good customers’ in while keeping the ‘bad customers’ out.

An important and evolving requirement here revolves around consent and privacy requirements. Regulatory requirements can vary by geography, but organisations generally understand that they need to enable their customers to control data collection, retention, and processing. Successful organisations require the minimal amount of personal information at the beginning of a customer relationship (for example, pre-registration and onboarding) and then use progressive profiling to ask for more information as the customer onboards and then eventually consumes more services. Progressive profiling minimises customer friction and reduces the risk to the organisation of holding unnecessary customer data.

CIAM is evolving to provide a unified view of the customer

Leading customer-centric organisations want to move beyond the basics to deliver a truly secure and personalised experience to their customers. These organisations don’t want to marginalise their good customers by forcing strict and multiple security measures on them, but rather identify and analyse the risk posed given the context and adjust the security measures dynamically to mitigate the potential risk. The bottom line is, let’s not treat our customers like criminals.

Competition is fierce, and it’s never been easier for people to change providers following a poor digital interaction with a brand. To set themselves apart, organisations need to make their websites and mobile apps more engaging, personalised, and meaningful for users. Achieving this goes beyond simply gathering information; it involves intelligent use of it to improve digital experiences. This includes enabling multi-experience applications to provide a unified experience across all the various customer touch points. This is the first step to going beyond access management - creating unified multi experience applications. However, for some businesses, this is a complex undertaking as they may have multiple web and mobile apps that vary by geography, business unit, department, B2B partner, and more.

The next challenge is to break down the individual data silos, that only have partial knowledge of a customer’s activity, to create a unified view of customer identity. The unified customer view must be integrated into not only all customer touch points but also a variety of complex business systems that can help deliver a personalised CX. These systems could be based on legacy technologies or follow the latest cloud standards. Examples of these systems go beyond the obvious sales and marketing systems, to include a variety of business apps, directories, and other systems of record. It’s easy for a CIAM vendor to try and check this integration box by touting a few connectors to sales and marketing systems, but the reality is that most environments are more complex than just that, and more comprehensive API management and integration capabilities are needed here.

Industry leaders such as Hard Rock are already offering a comprehensive, secure, and personalised experience to their patrons using WSO2 as a foundation. To do that required overcoming an incredible amount of complexity. Hard Rock needed to consolidate 10 different loyalty programmes into one, and this required over 100 integrations to various customer-facing and back office business systems.

What’s in the immediate future for CIAM?

While simple CIAM solutions can provide the core security functions needed for a solid user experience, the next stage of CIAM (CIAM 2.0) builds on this by unifying and integrating identity information from many silos to establish a comprehensive personality profile of a customer’s preferences, activity history, and other patterns. This enables business leaders to offer incentives, cross-selling and up-selling, and an overall personalised experience based on a holistic view of each individual.

The combination of identity information and personality information creates what we call a “digital double”—a holistic digital representation of a customer. The digital double can be leveraged through machine learning and AI to create real-time and predictive services via APIs, feeding multi-experience applications with the relevant information needed to offer the ultimate secure and personalised experience in real-time to delight customers.

Key considerations: Get the basics right


As you move towards offering a more personalised experience for your customers, obtaining their consent is paramount. Customers need to opt-in to you gathering their identity and personality experience so that you can deliver personalised experiences that delight them. Ultimately, it’s up to the end customer to decide whether an organisation can track their identity and personality information in order to enhance their experience. At WSO2, we are excited about emerging concepts such as decentralised and self-sovereign identity that will empower customers to share only the information necessary to optimise their experience while also protecting their privacy.


Snippets of identity and personality information, if not unified to create a digital double, will limit the extent to which you can offer personalisation. However, this can only be done with the customer’s full consent and a robust CIAM and integration platform. By doing so, you will be able to develop more context and predictive capabilities, enabling you to provide a more personalised experience. But the scope of this comprehensive context is limited to identity and personality information directly related to the customer’s use of your products and services.


Artificial intelligence will be critical to getting the most out of your CIAM and CX initiatives. Emerging technologies such as ChatGPT and Google Bard are demonstrating the power of AI and will soon bring its use into the mainstream. It’s important that your CIAM platform utilises AI to provide automated, real-time, and predictive personalisation at the API level.

So where is your current CIAM initiative and where are you headed?

Regardless of where you are in your journey, it’s time to plan ahead. CIAM is here to stay, and your customers know it too. Add a robust platform that is likely to significantly reduce your development costs and minimise the risks to your software stack associated with continuously having to evolve your CIAM solution to keep up with the latest standards and trends.