CONFIDENTIAL AND PROPRIETARY
This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other intended recipients. This presentation may contain
information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates.
© 2017 Gartner, Inc. and/or its affiliates. All rights reserved.
Felix Gaehtgens
The Important Role of Consumer IAM in the Digital Transformation

Consumer identity and access management (CIAM) enables the digital customer experience. It is a foundational element of your digital transformation!
[Figure: customer journey. Labels: Start; Awareness; Consideration; Conversion; Retention; Advocacy]
Key Issues
1. CIAM and the digital transformation overview
2. CIAM features
3. CIAM architectural considerations
4. CIAM market landscape

CIAM and the Digital Customer Relationship
[Figure labels: Consumer IAM; Customer Experience; Privacy & Compliance; Security; Digital Customer Relationship]

Customer Experience
Connect
• Registration
• Authentication
Retain
• Engagement and loyalty
• Customer identity analytics
• Marketing integration
Collect
• User profile management
• Preference management

Privacy and Compliance
[Figure labels: Legal; Audit & Compliance; Security; Risk Management; Board of Directors; PII Protection; Russia PDPA; Social Media TOS; Consumer Bill of Rights; GDPR; Privacy Shield; CASL; COPRA; WCAG]

Security: The Six Principles Of Resilience
[Figure labels: Business Outcomes; Risk-Based; Data Flows; Facilitator; Detect and Respond; People-Centric; Principle of Trust and Resilience; Identity]

CIAM Requirements
• Identify customers across multiple channels.
• Create customer engagement through a seamless user experience.
• Collect first-party data about customers.
• Unify customer data across platforms.
• Enable customization, branding and personalization.
• Prevent fraud and secure data.
• Protect consumer privacy.
• Integrate with marketing and master data management systems.

Not Your Parent's IAM System
            Employee                Consumer
Scale       Medium to Large         Massive
Control     Centralized             Distributed
Focus       Business                Individual
Audience    Captive                 Volunteer
Data        Limited & Structured    Vast & Unstructured

Registration
• Moves user from an anonymous user to a known user:
  – Represents a shift in the relationship between the business and the user
• Provides an opportunity for data collection
• Lays the foundation for a rich customer identity
[Figure labels: Registration; Subscription; Social sharing; JIT provisioning; Progressive profiling]

Registration "Lite"
• Growing demand for lite touch registrations:
  – Subscription Only:
    • Email registration
    • No password required
  – Social Identity:
    • Connectivity to common social platforms
    • Data sharing
  – JIT provisioning

Registration: Account Creation
• Simplicity is king!
  – Prebuilt templates
  – Conditional workflows
  – Check boxes
  – Prepopulation of fields
• Customizations and branding
  – Extensions and APIs to support UI customizations and integration with existing UIs

Identity Proofing
• Verifies the authenticity and identity of a user and helps prevent fraud
• Common in high-assurance CIAM use cases:
  – Financial transactions
  – Health-related transactions
1. Collect evidence from the applicant
2. Verify the claimed identity exists
3. Verify the claimed identity belongs to the applicant

Authentication
- Consumers demand low or no touch authentication mechanisms.
- CIAM authentication methods bleed into EIAM use cases.
• Username and password (old school)
• Social login
• SMS
• Push
• Biometrics (replacing passwords)

Authentication: SSO
• Simplified sign-on with social login.
• Unified customer experience:
  – SSO across web applications and other digital touchpoints.
  – SSO across multiple accounts split by brand/company/product, etc.
• Universal logout.
Setting the standard! Consumer IAM solutions highly utilize industry standards including:
• SAML
• OAuth
• OpenID Connect

Authentication: Adaptive
• Continuously evaluate risk
• Make authentication decisions based on behavior
• Balance security and usability:
  – Step-up based on behavior:
    • Low-risk behavior = seamless authn.
    • High-risk = stronger authn.
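
As an added illustration of the step-up rule on this slide (not part of the Gartner deck or any vendor's product): a small risk scorer that compares each login attempt with the user's earlier successful logins and returns either a seamless login or a step-up. The signals, weights, threshold and the names Login, assess and km_between are assumptions chosen for the example; the sample logins are constructed.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta

# Illustrative weights and threshold (assumptions, not values from the deck).
WEIGHTS = {"new_device": 40, "impossible_travel": 50,
           "recent_failures": 25, "sensitive_action": 30}
STEP_UP_THRESHOLD = 50
MAX_PLAUSIBLE_KMH = 900   # roughly airliner speed
MIN_TRAVEL_KM = 50        # ignore geolocation jitter inside one metro area


@dataclass
class Login:
    device_id: str
    lat: float
    lon: float
    when: datetime
    failed_attempts: int = 0        # failures since the last success
    sensitive_action: bool = False  # e.g. changing the recovery e-mail


def km_between(a, b):
    """Great-circle (haversine) distance between two logins in km."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlat, dlon = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def assess(attempt, history):
    """Score one attempt against the user's earlier successful logins.

    Returns (decision, score, reasons); reasons are kept for the audit trail.
    """
    reasons = []
    if attempt.device_id not in {h.device_id for h in history}:
        reasons.append("new_device")          # also fires when there is no baseline
    if history:
        last = max(history, key=lambda h: h.when)
        hours = (attempt.when - last.when).total_seconds() / 3600
        dist = km_between(last, attempt)
        if dist > MIN_TRAVEL_KM and (hours <= 0 or dist / hours > MAX_PLAUSIBLE_KMH):
            reasons.append("impossible_travel")
    if attempt.failed_attempts >= 3:
        reasons.append("recent_failures")
    if attempt.sensitive_action:
        reasons.append("sensitive_action")
    score = sum(WEIGHTS[r] for r in reasons)
    decision = "step_up" if score >= STEP_UP_THRESHOLD else "seamless"
    return decision, score, reasons


# Constructed sample data: one earlier login from Duesseldorf, then four attempts.
T0 = datetime(2017, 6, 1, 9, 0)
HISTORY = [Login("phone-1", 51.2277, 6.7735, T0)]
ATTEMPTS = {
    "same device, same city": Login("phone-1", 51.2277, 6.7735, T0 + timedelta(hours=1)),
    "new device, Sydney, 1h later": Login("laptop-9", -33.8688, 151.2093, T0 + timedelta(hours=1)),
    "known device, sensitive action": Login("phone-1", 51.2277, 6.7735, T0 + timedelta(hours=2), 0, True),
    "known device, 4 failures, sensitive": Login("phone-1", 51.2277, 6.7735, T0 + timedelta(hours=2), 4, True),
}

if __name__ == "__main__":
    for label, attempt in ATTEMPTS.items():
        print(f"{label:38} -> {assess(attempt, HISTORY)}")
```

A single weak signal (a sensitive action from a known device) stays below the threshold and logs in seamlessly, while combined signals trigger the stronger authentication step.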

User Profile Management
• Allow users to manage all aspects of their user profile:
  – Identity data
  – Social links
  – Marketing opt-in and opt-out
  – Preferences
  – Passwords
• Create customer identity data incrementally and over time
• Enhance identity data to create deeper and more meaningful relationships with customers

Preference Management
CIAM vendors must stay well-informed on data protection & privacy laws as well as social providers' terms of service in order to remain in compliance with ever-changing policies.
• Transparency and control are essential to a CIAM offering:
  – Consent at login, registration and defined interactions
  – Control of social attribute sharing
  – View and manage all consents
  – Opt-in and opt-out
  – Account disassociate/delete

Audit, Reporting & Security Analytics
• Focus on protecting both the business' assets and consumers' privacy
• Differs from enterprise IAM audits
• Includes:
  – Reporting
  – Real-Time Monitoring
  – Fraud Detection
  – Behavioral/Contextual Analysis
  – SIEM and GRC Integration

Data Storage
• Scale, scale, scale:
  – More and more organizations are hosting identity repositories in the cloud
• Must support structured and nonstructured data
• Must handle complex relationships
• Identity store must be extensible:
  – Schema extensions
  – Unlimited attributes on user record
  – Fully indexed data
  – Able to pull in additional detail

Data Aggregation
[Figure labels: CIAM VDS]

Mobile Optimized, Omnichannel Experience
[Figure labels: Social Media; Smart Mobiles; Physical Store; Online Catalog; Websites; Gaming Consoles; Kiosks; Computers]

IoT
[Figure labels: Digital Touchpoint; Consumer; Digital Product/Service]

Performance, Scale and Availability
• Always available 24/365:
  – Load balancing
  – Failover
  – Data replication
• Performance at scale:
  – Subsecond logins
  – Traffic spikes
  – Millions of users
[Figure scale labels: 10s; 100K; 1M; 25M; 500M]

Security and Compliance
• Providers should be ISO 27001 certified
• Implement advanced access controls and permissions:
  – Group membership
  – Role-based access control
  – Fine-grained access control (e.g., only your own patient records)
  – Support for multiple authentication methods
• Data encryption (at rest and in transit)
• Adherence to data residency and retention laws:
  – Vendors are responding to new requirements

Master Data Management/Marketing Integration
• Identity data provides valuable customer insights
• May integrate with common MDM, marketing and customer relationship management systems:
  – Bidirectional integration
• May be some overlap between CIAM tool and marketing tools:
  – Determine data flows
  – Determine which system is performing what functions
• Support for CIAM analytics varies among vendors

I've Got an API for That!
• Buy, build or both?
• Indicative of early market and developer focus.
• Driven by need to customize and brand (agile Mode 2 operations).
• Mature solutions must support both APIs and GUI.

Degree of Productization Versus Method of Customization
[Figure: quadrant chart. Axis labels: Custom; Product; API; API and GUI. Quadrant labels: Limited Agility; Full-Featured and Agile; Homegrown; Limited Function]

IDaaS Versus On-Premises
[Figure: comparison of IDaaS and Software. Rows: Software platform and installation ease; Software maintenance and upgrade ease; Security and data protection; Privacy; Agility. Legend: Worse; Better]

Vendors — Deployment Approach
[Figure labels. Deployment approaches: IDaaS; Own Instance; Varies. Vendors: Gigya; Janrain; LoginRadius; Microsoft; Okta; Salesforce; ForgeRock; Oracle; Radiant Logic; Auth0; CA Technologies; IBM; Ping Identity]

Vendor Venn Diagram
[Figure labels. Circles: Enterprise; Marketing; Developer-Focused. Vendors: Auth0; Gigya; CA Technologies; Janrain; LoginRadius; ForgeRock; Oracle; Microsoft; IBM; Salesforce; Okta; Radiant Logic; UnboundID; Ping Identity]

Recommendations
• IAM teams: engage your digital business peers, today!
• Build a CIAM solution that:
  – Provides a seamless customer experience
  – Protects consumer data and privacy
  – Secures your business assets
• Consider the impact of mobile and IoT initiatives on CIAM requirements.
• Utilize push and biometric authentication mechanisms
• Put end users in the driver's seat with consent management

Recommendations
• Match scale of implementation to vendor capabilities across multiple dimensions (authentication volume, number of databases, etc.).
• Consider if you require a tool that is tailored for developers or business people or both.
• Understand how CIAM innovations may enhance EIAM initiatives.

Gartner - ForgeRock Identity Live 2017 - Dusseldorf
