Customer Identity Management – A Cultural Shift from Employee Identity Management

Identity and Access Management Twins

Customer Identity Management -Cultural Shift from Employee Identity Management

Changes in the business landscape brought about by the web or rather the internetization of economy has meant that more and more companies are now forced to employ identity management systems for their employees as well as customers albeit separately. Employee Identity and Access Management systems have been in use in large organizations for a few decades now. And for that reason companies tend to treat traditional employee Identity and Access Management installations like the erudite elder to the younger Customer Identity and Access Management –  a recent mutation designed to manage external customers.

While both variations of identity management modules perform similar core functions, they are monumentally different and hence require companies to approach both of them differently. In clear terms, it would be a mistake to think that the only difference between internal Identity and Access Management systems and Customer Identity and Access Management is the user.

At the outset, let’s begin with brief descriptions of what each of these platforms are about.

What is Identity and Access Management?

As aptly defined in this article, an Identity and Access Management system is simply a framework to govern and manage identities while also regulating access to organizational resources. Strictly speaking, this is an umbrella definition for any category identity management frameworks. However, the term Identity and Access Management is more synonymous with traditional employee based IAM systems used internally in organizations.

The prime intention of employee Identity and Access Management frameworks is data security. Digital identities – of employees – are used as a means to restrict or allow access to network resources within an organisation. Typically, access is based on hierarchy and organizational position. The framework can allow or restrict access only when it understands the hierarchical position of each employee. Access Management is done using the digital identity of the employee issued by the organization. This leads to the obvious inference that the digital identity holds the key in the whole identity management environment. To describe a little further, for security purposes, employee identities can quite obviously be provisioned, administered(updated or edited) and deprovisioned by the company administration only. To put the importance of Identity and Access Management systems in perspective, it is estimated that the IAM market size will be worth USD 12.78 billion by 2020.

What is Customer Identity and Access Management?

Customer Identity and Access Management platforms fall under the same umbrella of identity management systems but are nevertheless quite different employee IAM systems. Foremost among the differences is the fact that security is not the top priority for a cIAM platform. On the contrary, it is designed to improve ease of access and provide a better Customer Experience. As opposite to an internal organizational scenario, creation of identities, edits to the identity and user profile, deletion of the identity and so forth are prerogatives of the consumer and can be made at his or her will.  

Also, employee Identity and Access Management systems differ from customer IAM systems because employees are not equivalent to customers. Employees derive their incomes from the companies they work for while companies derive their revenues from the customers they serve or sell to. Naturally, there is a world of difference in the motives, liberties and functions of each side (employees and customers). And though a relatively newer phenomenon, the cIAM market is quite competitive and is estimated to be worth USD 18.9 billion by 2019.  

Identity and Access Management or Customer Identity and Access Management – which one do companies need the most?

Well, there is no definite answer to that question. Quite obviously, it depends on the individual needs of an organization. But to generalize, any medium to enterprise level company which is sufficiently internetized and is providing services or selling products to consumers or even just maintaining relationships using the web requires both an employee IAM and a cIAM system. It is a generalization but it is also a reality applying to a lot of companies across the world today. The biggest mistake that a company can make wouldn’t be not having either systems in place to manage internal and external identities, but to approach both with the same perspective and not understanding the differences. Many company executives view Customer Identity and Access Management platforms in the same light as traditional IAM systems when there is not just a difference in outlook but also in culture between both. Employee IAM and Customer IAM platforms may be sort of twins but they belong to different ideologies and cultures.

Coming to the question of which platform companies would mostly need, the answer depends on usability. Employee IAM systems are more likely to be required because every company has employees and resources and access to former needs to be regulated on the latter. On the other hand, like it was mentioned above, every company selling goods or providing services or maintaining relationships over the web needs to put a Customer Identity and Access Management platform in place. However, while that’s a sufficient condition, it’s not mandatory. We are already in an era where business, both B2B and B2C, is being redefined by the free flow of information. Though the fundamentals remain same, digital business landscape is far more competitive and prone to consumers churning off more quickly, reducing customer loyalty. This necessitates companies to stay one step ahead of time rather than waiting for the right time to come for their business. Businesses of all kinds need to attract consumers and cIAM platforms help them deliver the triple benefit of personalization, omnichannel marketing and customer experience to improve their traction and establish their hold in the market.

The Role of Company Culture

At the basic level, administration of an Employee IAM differs widely from that of a Customer IAM. In an ideal scenario, while the IT Security team at an organization would be in charge of the employee IAM setup, it is typically the marketing team which is responsible for the administration of the cIAM platform.

Companies shouldn’t view a Customer Identity and Access Management platform as a tool to just manage consumer identities. Rather, cIAM occupies the center of the martech stack of a company and helps convert anonymous visitors to customers, collect their personal data, centralize customer data between multiple web and mobile properties and finally improve customer experience. This obviously means the difference in use cases is not just about internal and external uses but the entire application of the two classes of identity management products.

So, a shift from Employee IAM to Customer IAM is not just an infrastructural shift but also a cultural shift requiring the organization to alter its entire perspective. This is because of the fact that when it comes to customer identities, the game is not just about creating identities, walking them through their lifecycle and then deprovisioning them. The pivotal element in Customer Identity and Access Management is not the identity but the centralized customer profile. In an employee IAM scenario, companies issue identities leaving little for the employee to do in terms of provisioning the identity or maintaining the lifecycle. The concept of a profile or account is not of importance in such a scenario. On the other hand, in a competitive external user environment, the profile is what matters. Of course, the identity is attached to the profile. Identity, without any usable profile information, is not of much use to a company.

In other words, the big difference between managing employee identities and customer identities – or profiles – is that of control. Creating identities, filling profile information, using that identity and profile to make transactions are all prerogatives of the customer. A company can’t control any of these processes. The only thing they can do, by way of using a cIAM platform, is to encourage prospects to perform all these tasks. They need to synthesize the necessity to do so and a cIAM platform assists them in this process. Hence, creation of customer identities and profiles without much control is the big challenge companies face today and that can’t be tackled with an employee IAM mindset. Companies need to shift from full control to zero control when they move from IAM to cIAM and that requires a significant cultural shift.

Aastha Trivedi


Aastha is a Marketing Ninja at LoginRadius, a leading Customer Identity Management platform. MBA from IIM Bangalore, she is passionate about great innovative products. Connect with Aastha on her email

New Call-to-action