2023 CIAM recap: Market and tech changes that matter
November may seem a little soon for a wrap-up on the year, but we like to get out in front of things.
Also, this time last year our team was seriously celebrating some big news – our recognition as a leader in The Forrester Wave™: Customer Identity and Access Management, Q4 2022. So for us, it’s an opportune moment to gather the team and take stock.
Across tech industries broadly, we’ve seen a lot in the last 12 months. OpenAI released a free research preview of a little thing called ChatGPT, which basically broke the internet. Twitter’s new owner made a few, um, interesting decisions, which broke the internet again. And smart people wrote about how to fix the brokenness.
Like I said, 2023 was a lot.
The CIAM tech and market space saw plenty of change too. Especially worth noting are two major shifts: one that falls under the heading of “exciting and long-awaited” and another which, for many brands, was about as welcome as a migraine. And at Strivacity, we’ve been hard at work making our leading platform even better.
CIAM tech news: The passkey is here (seriously)
Back in 2018, the FIDO Alliance released a standard for passwordless authentication – aka passkeys. This year, multiple tech giants finally got the memo, declaring this the beginning of the end of the password.
If you want the background and technical details, our own Stephen Cox wrote a CTO’s explainer on passwordless. But in practice, passkey technology means customers can use super-easy biometric features on their phones – like FaceID and TouchID – to log into their accounts from any device. Even one that doesn’t have built-in biometrics.
Basically, passkeys function like a password manager – but without the password.
As more mammoth companies embrace passkeys, customers will quickly come to expect the same experience everywhere they go online. And who can blame them? It makes login super easy.
Even better, it’s also super secure. As more brands ditch the password, they’ll also dramatically lower risk – theirs and their customers. Because when there’s no easy repository of credentials, attackers turn their attention elsewhere.
Bottom line: If your CIAM solution supports FIDO2 biometrics, now’s the time to flip the switch. And if it doesn’t, have a look at how easy it can (and should) be to create low-friction journeys.
CIAM market news: Fewer options for brands
The CIAM industry got a little smaller last year.
In August, clients of Ping Identity and ForgeRock found out that – like it or not – they may have a tech migration in their future. No one knows yet who might draw that short straw, and it could be a while.
As someone who’s been-there-done-that as CTO in charge of a similar merger and rollout, our CEO, Keith Graham, shared some thoughts on what this means for CIAM customers.
TL;DR: It’s not great.
As Thoma Bravo decides whether to keep one or both CIAM platforms or if it should axe one of them (and all that that implies), brands who use Ping or ForgeRock could face a decision too: Prepare and budget for a potential transition or explore other options.
And if you want to stick with an industry analyst-recognized leader, our friendly demo team would be delighted to show you how we earned that badge of honor.
One leading CIAM option got even better
We haven’t taken our 🌊 status as a CIAM leader for granted. After we swept up the ticker tape in the conference room back in 2022, our engineers got back to work.
Here’s a few of our clients’ favorite enhancements:
- Admin-friendlier console: Hey, admins are users, too! When their workflows get smoother, so does everything else. With full-width screens, multi-column layouts, and collapsible nav, your superusers can tailor and modernize journeys even faster.
- Easy config for highly complex journeys: For some businesses, sign-up and sign-in journeys can get complicated. B2B and B2B2C brands need highly tailorable configuration – like enterprise SSO or private-labeling your product for other vendors. We beefed up our organization management capabilities for greater flexibility – while keeping our no-code implementation, so multiple orgs can manage their application clients.
- Document verification without the hassle: We now offer native support for ID verification flows that require customers to prove their identity using a driver’s license or passport. We do all the heavy lifting – including managing the ID verification vendor relationship and letting you build journeys with hosted components for consistent, optimized customer experience.
- More MFA options: Give your users options for multi-factor authentication (MFA) at sign-up. Configure mandatory and optional methods and integrate MFA into enterprise and social logins.
- Even less friction: Who doesn’t want to be remembered? Delight your users by offering "remember my device" and "keep me logged in" options when they register. Every time they log in, they’ll enjoy that frictionless experience. It's seamless, only with fewer seams.
Conclusion
Like I said, for the CIAM industry 2023 was no sleeper.
As passkeys gain traction and the dust settles on the merger of two leading CIAM platforms, we stand ready to make it easy for brands to deliver the security and the experience their customers want – even as that changes in the year ahead.
And if you’d like to see what great CIAM made better looks like, our demo team is at your service!