Customer Identity Management

Most organizations focus on creating a portal before even thinking about security. Access for customers is provided through a simple username and password. However, over time the functionality of the portal has been enriched with personal data and transactions that demand strong security. At the same time, security threats in the market are increasing. The lock on the door is becoming rusty and unreliable. Customers find it difficult to enter and hackers find it very easy to break in pretending to be someone else. This is the moment organizations need to realize it is time for Customer Identity Management (CIM).


In the past, the industry of Identity Management was focused on managing the identities of employees. Nowadays, Identity & Access Management involves consumers too. As many organizations are discovering IAM for customers, they find out that this new space is providing them with strategic opportunities. Onegini has proven this by implementing Customer Identity Management (CIM) for large global insurance companies with astonishing results such as:

  • Transformation from an offline to online player
  • 223% growth in commercial visits
  • Over 700,000 new online accounts in less than 3 years.
  • Increased customer engagement and customer satisfaction.
  • Millions in cost savings

The difference between IAM for customers and employees

The big difference between IAM for employees and customers is the number of users. Your company may have thousands of employees and millions of consumers. Consumers want to decide on their own how they do business with you. Some key characteristics:

  • Using web or mobile
  • Using their own ID like Facebook, mobile login
  • Using an ID provided by government, banks, or other companies
  • Using their own devices
  • Providing information and identification when required and not in advance
  • Sharing information with trusted friends or relatives
  • Using self-services
  • And most of all, customers demand ease of use and expect strong security

How does Customer Identity Management make your life easier?

As your company’s online strategy grows, so does the functionality around Customer Identity Management. In fact, you find yourself building a foundation that requires decades of human labor. The good news is that it doesn’t need to be like this. Onegini delivers a complete solution for securing web and mobile for consumers out of the box.

Onegini allows you to:
  • Ensure quick time to market, by delivering an out-of-the-box solution instead of a tool box
  • Maintain your own branding, by distributing in your own look and feel
  • Set up IAM for consumers for web and mobile, through the integrated product stack with CIM for web and the Mobile Security Platform for mobile

What is CIM from a functional point of view?

CIM stands for Customer Identity Management. Simply put, this component takes care of all security regarding customer identities for websites. Whenever a security-related feature is required for the portal, CIM will take care of it. To give you an impression, some of the main features are:

  • Login. Not all customers are the same: yesterday they logged in with username/password, today they log in with social IDs and tomorrow they will log in with mobile. In other words, the customer decides his or her preferred login and will change that preference over time. CIM supports all that.
  • Registration. Making this process as simple as possible is the key to your success. As millions of customers are going to use this process, any hiccup will lead to undesired fallout. The registration process for customers and prospects is different. Whereas customers require a more secure registration to prevent exposure of private data to the wrong people, for most prospects this robust identification is less important.
  • Self-service. Self-service is critical. If your procedures are unclear and little self-service is available, more than 30% of the calls from your helpdesk might be related to this.
  • Migration. Many large companies have more than one portal, which confronts their most loyal customers with multiple usernames and passwords. The idea around Net Promoter Score (NPS) is that most loyal customers will recommend your company to friends. The use of multiple usernames and passwords does not aid in this. CIM provides one login mechanism to all your online portals, effectively delivering single sign-on to all your customers.
  • Levels of assurance. When you are a prospect, you just want to explore your possibilities, and no identification is required. But when you become a customer the company needs to know who they are dealing with, so identification is required. The CIM product supports many forms of identification, like E-mail verification, GSM verification, ID check, Bank Transaction check, Address check, and more.


In time your customer will build towards a higher level of trust (identification). With digital identities you want to reduce the risk of identity theft. This means that the level of trust is defined not only by the initial identification, but also by what we call continuous multi-factor authentication. Multi-factor authentication is a way to make sure you are who you say you are by checking different factors. Based on your behavior, CIM could ask for extra authentication (making it continuous authentication).

CIM allows you to create your own levels of assurance (LOAs). You can use a market standard like STORK or configure your own levels by:

  1. Configure initial identifications required per level.
  2. Configure required level of assurance per service provider.
  3. Configure level of assurance per identity provider.
  4. Configure level of assurance for Two-Factor authenticators e.g. text/SMS, mobile or Google authenticator.
  5. Configure required level of assurance for changing attributes e.g. text/SMS, name, birthdate, and more.

  • Authorizing access to others. According to new legislation, as defined in the PSD2, customers should be allowed to share information with third parties. With CIM you can select products and provide others with access to them. That way your customers will start promoting your company to friends and family.
  • User delegation. Businesses tend to hand out the right to partners to distribute accounts to their employees. The partner administrator is in this case responsible for handing out accounts and providing the users with the correct rights.
  • Managing and monitoring customer identities. CIM is the digital front door of your organization for consumers and partners. Of course you require a full audit trail, event trail and monitoring capabilities.
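
The five level-of-assurance configuration steps above can be read as lookup tables that drive one decision: allow, ask for more identification, or ask for a stronger authenticator. The following is an added example, not Onegini code or configuration; every table name, level number and the "identify / step_up / allow" model are assumptions made for illustration.

```python
# Hypothetical tables mirroring configuration steps 1-5 (all values constructed).
LEVEL_IDENTIFICATIONS = {1: set(), 2: {"email"}, 3: {"email", "gsm"},
                         4: {"email", "gsm", "id_check"}}           # step 1
SERVICE_PROVIDER_LOA = {"brochure_site": 1, "customer_portal": 3}   # step 2
IDENTITY_PROVIDER_LOA = {"social": 1, "password": 2}                # step 3
AUTHENTICATOR_LOA = {"sms": 3, "google_authenticator": 3, "mobile": 4}  # step 4
ATTRIBUTE_CHANGE_LOA = {"name": 3, "birthdate": 4}                  # step 5


def identity_level(completed):
    """Highest level whose required identifications have all been completed."""
    done = set(completed)
    return max(lvl for lvl, req in LEVEL_IDENTIFICATIONS.items() if req <= done)


def authentication_level(idp, second_factors=()):
    """Strongest of the identity provider and any second factor already used.
    An unknown provider or factor raises KeyError, so the check fails closed."""
    levels = [IDENTITY_PROVIDER_LOA[idp]]
    levels += [AUTHENTICATOR_LOA[f] for f in second_factors]
    return max(levels)


def decide(required, idp, completed, second_factors=()):
    """Return (action, detail) for a request that needs `required` LoA."""
    if identity_level(completed) < required:
        missing = LEVEL_IDENTIFICATIONS[required] - set(completed)
        return ("identify", sorted(missing))
    if authentication_level(idp, second_factors) < required:
        usable = sorted(a for a, lvl in AUTHENTICATOR_LOA.items() if lvl >= required)
        return ("step_up", usable)
    return ("allow", [])


def decide_access(service_provider, idp, completed, second_factors=()):
    return decide(SERVICE_PROVIDER_LOA[service_provider], idp, completed, second_factors)


def decide_attribute_change(attribute, idp, completed, second_factors=()):
    return decide(ATTRIBUTE_CHANGE_LOA[attribute], idp, completed, second_factors)


if __name__ == "__main__":
    print(decide_access("customer_portal", "password", ["email"]))
    print(decide_access("customer_portal", "password", ["email", "gsm"]))
    print(decide_attribute_change("birthdate", "password",
                                  ["email", "gsm", "id_check"], ["sms"]))
```

Identification is checked before authentication strength, so a strong second factor on a weakly identified account never reaches a high-assurance service.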

How does it fit in your landscape?

CIM and MSP extend your current infrastructure landscape. With one click deployment through Docker technology you can deploy the complete stack.

By pressing a button you can scale up and multiply components. The good thing is you can install the components in your landscape and start building portals and mobile applications using the Onegini components. Users can easily migrate from “old identity stores” towards CIM, allowing your company to have one Customer Identity Store. The APIs and SDKs allow developers to create business functionality for web and mobile without having to worry about security, as the Onegini infrastructure takes care of this.

For example, a portal can trigger CIM by requiring second-factor authentication. CIM and MSP will take complete care of this.

Another example: when the app wants to get customer data from the backend, MSP will:

1. Ensure the user has the rights (token) to do so.

2. Transport the data from the backend in a secure way, using the out of the box feature: Payload encryption.

3. Provide it to the app.
