• Download a trial
  • Sales
  • Support
  • Login
logo
  • Home
  • Products
  • Solutions
  • Partners
  • About Us
  • Consulting
  • Resources
Request a Quote
  • Workforce Identity
  • Customer Identity
  • Comparison
  • Subscriptions

All Features

Overview of all features in Workforce Identity

User Onboarding and Offboarding

Automate joiner, mover, leaver processes

Access Request

Access requests with multi-step approvals

User Access Reviews

Save time with user access reviews

Self-Service Portal

Self-service portal for all end user activities

Segregation of Duties

Detect and remediate SoD violations

Password Management

Enforce password policies and enable synchronization

Single Sign-On (SSO)

Enable SSO using standards - SAML, oAuth, OIDC

Authentication and MFA

Improve security with adaptive authentication and MFA

3rd Party IdP Integration

Integrate with your existing identity provider

Integration API

Use the REST API to add identity into your applications

Connector Library

Integrate on-premise and SaaS applications

Modern Architecture

Microservice architecture that supports deployment using RPM, Kubernetes or OpenShift

Workforce Identity Concepts

All Features

Overview of all features in Customer IAM

Authentication and MFA

Improve security with adaptive authentication and MFA 

Single Sign-On (SSO)

Enable SSO using standards - SAML, oAuth, OIDC

Password Management

Enforce password policies and enable synchronization

Modern Architecture

Microservice architecture that supports deployment using RPM, Kubernetes or OpenShift

Customer Identity Concepts

Community vs Enterprise

Summary of the differences between the Community and Enterprise editions

Subscription Benefits

Overview of the benefits provided by an OpenIAM subscription

  • Integrations
  • Verticals
  • Workforce Use Cases
  • CIAM Use Cases
  • Compliance
  • Data Breach Mitigation

Active Directory

Azure (O365)

SAP

SAP SuccessFactors

Workday

AWS

Linux Server

LDAP

Microsoft SQL Server

Google Cloud

Windows Server

Oracle EBS

ServiceNow

SAP Fiori

Oracle Fusion

Entra ID

Salesforce

Keycloak

Custom Applications

Education

Manage identity for students, staff and alumni

Financial Services

Address the compliance and security challenges of the financial sector

Identity Governance That Works in Practice

CIAM for Regulated Industries

NIS2

Achieve compliance with the EU directive for cybersecurity frameworks.

DORA

Comply with the Digital Operational Resilience Act for the EU.

HIPAA

For healthcare organizations seeking HIPAA compliance.

PCI DSS

Compliance with the Payment Card Industry Data Security Standard

SOC 2

Solutions for organizations subject to SOC 2 audits

GDPR

Take advantage of OpenIAM to comply with the General Data Protection Regulation

Social Engineering Attacks

  • Partners

Current Partners

Our Current Partners

  • About Us

About OpenIAM

Learn about OpenIAM

Press Releases

References to OpenIAM press releases

OpenIAM in the Media

References to OpenIAM in the media

Careers

Learn about open positions at OpenIAM.

  • Consulting

Proof of Value

Customized engagement to confirm defined proof of value objectives

Jump Start

Customized engagement to rapidly deliver a solution into production

Solution Implementation

Engagement with the objective to deliver a complete IAM solution based on customer requirements

  • Resources

Videos

Collection of videos describing how OpenIAM can be used to solve common use cases

Community Portal

Collaborative community portal to learn more about OpenIAM

CE Documentation

Documentation for the Community Edition

Blog

Musings on identity penned by the OpenIAM team

Webinar Calendar

Upcoming webinars and training sessions

Workforce Identity Concepts

Customer Identity Concepts

CIAM Supporting Concepts (Orientation)

This page provides a high‑level orientation to the core concepts that make up modern Customer Identity and Access Management (CIAM). It is designed for early‑stage readers who need to understand how CIAM concepts fit together before exploring architecture, governance, or regulated use cases in depth.

Each section below introduces a concept briefly and links to deeper content where appropriate.

What Is CIAM?

  • Definition of Customer Identity and Access Management
  • How CIAM differs from traditional IAM in scope and scale
  • Why CIAM becomes foundational digital infrastructure

CIAM vs Workforce Identity

  • External vs internal identity populations
  • Differences in lifecycle authority and duration
  • Privacy, consent, and public‑facing risk considerations
  • Why workforce IAM models do not translate cleanly to CIAM

Identity Relationships: B2C, B2B, and G2C

  • B2C: consumers accessing digital services
  • B2B: partners, suppliers, and ecosystem participants
  • G2C: citizens accessing public services
  • How a single CIAM architecture supports all three

Federation (High‑Level)

  • Trusting external identity providers for authentication
  • Delegation of authentication vs internal authorization
  • Federation as a universal CIAM pattern

Bring Your Own Identity (BYOI)

  • Users authenticating with identities they already possess
  • BYOI as an outcome of federation, not a separate model

Examples of External Identity Providers

  • Social identity platforms
  • Bank‑issued and sector identities
  • Government and nationally recognized digital identities

Just‑in‑Time Provisioning (High‑Level)

  • Identity materialization at first interaction
  • JIT as one onboarding mechanism among several
  • Relationship to birthright access rules and approval workflows

Customer Identity Lifecycle (Deep)

  • Onboarding and activation
  • Attribute and access changes over time
  • Consent changes and suspension
  • Why customer lifecycles differ from workforce lifecycles

Identity Proofing & Assurance (High‑Level)

  • Verifying that a user is who they claim to be
  • Differences between authentication and identity assurance
  • Importance in regulated B2C and G2C environments

Consent vs Preference

  • Consent as a legal and policy construct
  • Preferences as user‑experience configuration
  • Why conflating the two creates compliance risk

Risk & Abuse

  • Public‑facing threat models
  • Adaptive authentication and contextual access decisions
  • Balancing security controls with user experience

Data Sovereignty & Jurisdiction

  • Where identity data is stored and processed
  • Jurisdiction‑specific handling requirements
  • Why sovereignty influences CIAM architecture

Governance in CIAM

  • Policy consistency across applications
  • Oversight of federation and lifecycle events
  • Auditability of identity and access decisions
  • Governance as the unifying layer across CIAM capabilities

How These Concepts Fit Together

  • Centralized identity and policy decisioning
  • Distributed enforcement in applications
  • Federation, JIT, lifecycle, consent, and risk as coordinated controls

Readers ready to explore how these concepts are implemented in practice should continue to:

  • Application‑Embedded, Governed Customer Identity
  • CIAM for Regulated Industries
  • Federation & JIT Provisioning as Control Boundaries

Frequently Asked Questions

1. What are CIAM supporting concepts? 

CIAM supporting concepts are the foundational ideas that explain how Customer Identity and Access Management works in practice. They include identity relationships, federation, lifecycle management, consent, risk, data sovereignty, and governance—providing the vocabulary needed to understand CIAM before exploring architecture or regulated use cases.

2. How is this page different from the Customer Identity Concepts pillar?

The Customer Identity Concepts pillar explains why CIAM becomes complex and how it evolves at scale. This Supporting Concepts page focuses on what the core concepts are and how they relate to one another, serving as an orientation guide for early-stage readers.

3. Who should read the CIAM Supporting Concepts page?

This page is designed for readers who are new to CIAM or need a high-level refresher, including product teams, architects, security professionals, and compliance stakeholders who want to understand CIAM concepts before diving into governance, architecture, or regulated industry requirements.

4. Where should I go after reading this page? 

Readers ready to explore how CIAM concepts are implemented in practice should continue to Application-Embedded, Governed Customer Identity for architectural depth, or CIAM for Regulated Industries to understand how these concepts apply under audit and regulatory constraints.

 ← Back to Customer Identity Concepts 

Let’s Connect

Managing identity can be complex. Let OpenIAM simplify how you manage all of your identities from a converged modern platform hosted on-premises or in the cloud.

For 15 years, OpenIAM has been helping mid to large enterprises globally improve security and end user satisfaction while lowering operational costs.

Download a Trial Contact Sales
footer-top-logo
openIAM-white-logo

All modules of our IAM platform share a common infrastructure allowing customers to see one unified identity solution versus a collection of disparate products.

  • linkedin-icon
  • facebook-icon
  • twitter-icon
  • youtube-icon

sales@openiam.com

(858)935-7561

Copyright © 2026 OpenIAM. All rights reserved.
  • Privacy Policy