CIAM – Customer IAM – just a variation of IAM?
The term CIAM – Customer Identity & Access Management – describes the identification of, and assignment of access permissions to, “external” users of an organisation, for example customers, partners, members of associations and federations, or citizens who deal with public agencies over the Internet.
An IAM system manages “internal” users instead, i.e. the employees of an organisation.
Why is it important to differentiate between IAM and CIAM?
First of all, the following principle applies to CIAM: “The customer is king.” User-friendliness has a higher priority in CIAM than in a company’s internal IAM. Good CIAM applications often require a paradigm shift for operators of online services and their IT specialists.
Secondly, the technical requirements for these two areas are anything but identical:
The number of users can be very large for a CIAM application, and they are largely personally unknown to the operator of an online service.
Traditional IAM systems are designed for a number of users in the order of magnitude of ten thousand. In a company’s internal use, this limitation leads to technical detours and tedious adaptations, because the number of external users can quickly go beyond this scope. Many web shops, banks with online services or entertainment portals have already broken the 1 million mark. And at this order of magnitude, there are no adaptations that can help.
Furthermore, external users are usually not known personally to the operator of an online service. Every company has detailed information on its employees. However, which web shop has direct contact with each one of its online customers?
For the above reasons alone, the identification of external users and the assignment of individual access permissions place major demands on CIAM, which traditional IAM systems cannot handle.
What else CIAM does
The necessity of managing a high number of users and their secure identification is perhaps the most important requirement of a CIAM system, but not the only one. The following points also play a major role:
- The customer wants it to be fast and convenient. A company can impose complex access rules on its own employees, but not on its customers; otherwise they will switch to other providers that make their lives easier.
- Money is very often involved in a CIAM environment. Just think about web shops or booking portals. Although the amount of the individual transactions is frequently moderate, it reaches considerable amounts in total through the high number of users. Inadequate security through weak identification and sketchy access assignments can cause a lot of damage.
- Working with personal and confidential data is just as critical.
- The Internet is very attractive to medium-sized firms, because it enables business expansion without excessively large investments. However, classical IAM solutions are mainly designed for large companies. Firstly, they are expensive, and secondly, they are very complex. Their installation and maintenance call for specialists, which medium-sized firms often do not have.
We make the difference.
Classical IAM solutions are mainly designed for internal use in large companies. They cannot cope with the technical requirements of a CIAM solution for organisations of all sizes, and the high costs of the IAM projects so far are a hurdle for medium-sized firms.