What is CIAM?
Customer Identity and Access Management (CIAM) is the software category for authenticating and managing external users: customers, partners, and citizens. It is the login box on a consumer app, the sign-up flow on a SaaS product, and the account that sits behind every personalized or paid experience.
CIAM is distinct from workforce identity (IAM), which manages employees. The buyer, the scale, and the priorities are different. See CIAM vs IAM.
What a CIAM platform actually does
- Authentication: password, social login, passwordless, passkeys, and multi-factor.
- Registration and progressive profiling: capturing just enough at sign-up, enriching later.
- Single sign-on across a company’s apps and brands.
- Authorization: roles, permissions, and increasingly fine-grained access.
- Consent and privacy: capturing, storing, and honoring consent under GDPR and similar laws. See consent and privacy.
- Fraud and bot defense at the identity layer.
Why it is bought, not built
Teams start by writing their own login. It works until it does not: passkeys, SSO, SCIM, breach detection, consent receipts, and SOC 2 evidence each become a project. A CIAM platform turns that backlog into configuration. The buying trigger is usually a security review, an enterprise deal that demands SSO, or a privacy regulation deadline.
What buyers get wrong
The common mistake is shopping on feature checklists. The features converge fast. What separates platforms in practice is the pricing model (per-monthly-active-user pricing can punish growth), the cost of migrating off the platform, B2B multi-tenancy support, and how the vendor prices the features you actually need (MFA and SSO are often gated to higher tiers).
Start with the vendor matcher to get a shortlist scoped to your segment, or read the pricing guide before you take a sales call.