Akamai Diversity

The Akamai Blog

How is CIAM different from IAM? Four big reasons.

Managing identities is a central concern of every enterprise. Almost all businesses have employee identity systems in place to manage internal access to different apps and systems within an organization. Sometimes, enterprises will attempt to extend their internal-facing identity management systems -- often called enterprise IAM, workforce IAM, or just IAM -- to their customer-facing apps, devices and web properties. Such an approach underestimates the significant differences between traditional IAM and customer IAM (or CIAM).


Enterprise identity management is designed to support a closed ecosystem where an IT team creates accounts and assigns roles on behalf of a few to a few hundred thousand employee users. Customer identity management supports public-facing apps and devices where millions to billions of consumers create their own user accounts -- sometimes creating multiple accounts.

A customer identity management platform must be architected to handle the data spikes that come with promotional campaigns and unplanned events. Its design must include adequate failovers and the ability to rapidly spin up new instances when needed, ideally scaling up and down automatically and adjust its computing resources to the traffic volume in an elastic fashion. Global data center distribution to ensure the best system performance and highest uptime levels is essential. The Akamai Identity Cloud was built from day one for this use and engineered to provide the scalability and elasticity that large brands require.

User Experience

Workplace IAM benefits from having a captive audience -- employees will tolerate poor performance from their authentication systems. However disruptive it may be, they have little recourse but to cope with the system. Customers are not so forgiving and are likely to stop using a brand app or software platform if it doesn't meet their expectations for easy, fast and reliable access. Because of this, customer identity management systems need to provide a better user experience -- including better availability and less latency -- than traditional IAM.

CIAM produces a better customer experience with customizable registration, progressive profiling and social login options that lower the bar for entry. But the core virtue of a enterprise-ready customer identity solution is its reliability -- your app, site and service registration has to be available around the clock.


IAM systems have been designed with a quite a few restrictions in mind that are counter the realities of managing public identities. Most traditional IAM deployments support heterogenous applications across a closed, corporate network. Customer IAM needs to support heterogenous applications across an open, public network -- the Internet.

In addition, IAM and CIAM are designed with different end user sets in mind. With workplace IAM, users are known by central IT; access rights, roles and profiles are pre-assigned. With customer IAM, users create their own identities and have the freedom to directly manage their profile data and preferences directly.

A centralized customer identity platform allows businesses to create and apply access policies across all their apps and policies, scoped access to customer data and specific customer consent options. Additional security features - such as recognizing fraudulent account creation and integrating customer registration and authorization actions -- grant additional levels of security.

Data Usability

Traditional IAM cannot provide insights into who your customers are, what steps they are taking in their customer journey and what is influencing their behavior. To the contrary, workforce IAM presumes that users are already known. Sophisticated consumer identity management platforms are designed to incorporate data from multiple points -- profile information, social identity data and anonymous behaviors -- to provide a deeper level of insight into your customers.

In addition, while traditional IAM is designed to integrate primarily with human resources and enterprise resource planning (ERP) systems, customer identity management integrates with a broad array platforms, including SIEM, marketing and sales automation and data analytics. Integrating CIAM with SIEM enables enterprises to associate login and registration events - as well as profile modifications -- with their metadata.

The Akamai Identity Cloud is built for the sole purpose of providing companies with the scalability and security they need to ensure a positive customer experience and realize the value of customer data. Traditional IAM systems absolutely have their function, but a dedicated CIAM platform is needed to check off every box and provide everything you need out of a customer-focused identity access management system.