Customer identity and access management (CIAM) is a sub-genre of traditional identity and access management (IAM) that has emerged in the past few years to meet evolving business requirements. CIAM focuses on the connectivity with the customer when accessing any type of systems, on-premises and in the cloud, from registration to track. The purpose of this study is to introduce different dimensions of CIAM toward exploiting them in organizations.
Based on a thorough review of the relevant literature and semi-structured interview with six experts in the field of digital IAM the necessary data were gathered. Then through the use of content analysis technique, analytic codes and also categories and sub-categories of the data were generated.
Results indicate that four categories, namely, customer identity management, customer access management and information technology and business management are the most important factors affecting the identification of CIAM dimensions.
Organizations could avail of the proposed conceptual model toward identification and offering customized products and services solutions to their customers.
Rasouli, H. and Valmohammadi, C. (2019), "Proposing a conceptual framework for customer identity and access management: A qualitative approach", Global Knowledge, Memory and Communication, Vol. 69 No. 1/2, pp. 94-116. https://doi.org/10.1108/GKMC-02-2019-0014Download as .RIS
Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited
Identity is defined as “one or more attributes which are applicable to this particular subject or object.” A customer or user can hold many different identities and each identity can be devoted to many of his/her attributes. Identity management enables individuals to take control of their personal data when it is needed to share with other third parties and therefore supports their privacy (Tatli and Lucks, 2009). Digital identity is a core tool with which a person can access the services (Clare Sullivan, 2016). Identity is the most important part of any security-aware system. It allows users, services, servers and any other entities to be identified and recognized by other systems and parties (Al morsy et al., 2016). Identity and access management (IAM) is a security principle that helps the right people to access the right resources at the right time for the determined reason. IAM considers the influential and critical need to ensure appropriate access to resources across increasingly dynamic technologies and to meet different compliance needs. IAM is a crucial principle for any kind of enterprises. Enterprises which are attempting to develop IAM capabilities can reduce and manage identity management costs and become significantly agile in preparing new business initiatives and adapt to changes more easily (Gartner, 2017). The main concern of IAM relates to the verification of an entity’s identity and devoting the correct level of access for the resources which are stored and protected in the cloud environment (Sharma et al., 2016). IAM is the combined disciplines of identity management and access management. Identity management is the discipline of managing identities and the associated user accounts in different systems. Access management is the discipline of managing access to information, a fundamental part of any information security strategy. Identity management is composed of three types of fundamental entities, namely, user, identity provider (IdP) and service provider (SP). IdP is the core element to perform identity management functions and is applied for establishing a trust relationship between SP and user. Moreover, SP is responsible to provide for application services. In reality, when a user requests service from SP, SP sends this query to IdP for user authentication. Then if the user is authenticated by IdP, SP provides for the user the requested service successfully (Chen et al., 2011). On the whole, the three key factors which determine the success or failure of the enterprise IAM deployment are as follows:
Business: Even while there are some things which have to be done, for example, to fulfill regulations, IAM – like everything in information technology (IT) – has to provide what business requests.
Technology: Once you know what the processes are, how they affect your organization and which rules to play by, determining which technology is needed is comparatively easy. However, you need to understand the big picture first, before you start implementing it step by step. Otherwise, you might be heading in the wrong direction.
Lean IT: IAM technology continues to evolve at breakneck speed; IT needs to make sure that the IAM technologies they use remain aligned with overall service management goals, which in turns requires a “lean and mean” IT architecture, namely one that is both flexible and adaptable (Kuppinger, 2011).
Enterprises seriously require exact customer insight to successfully provide them with new products and services that can increase brand loyalty while making more profit. As marketing teams have traditionally managed customer data, today’s complex IT environment needs a cross-functional and multidisciplinary approach to manage and secure customer data. Nowadays customers expect services and apps to be available 24/7. Poor response times will cause customer dissatisfaction. The enterprise must benefit from a customer IAM solution that can manage a huge number of dynamic users across different channels such as mobile and Web with no perceived performance degradation (Forrester, 2015). In fact, technology has changed the power of customer (Figure 1).
Three common business objectives driving customer engagement are largely centered on top-line growth:
improving market share by the benefit of customer-facing apps that increase customer experience;
increase revenue per customer by delivering customized and personalized multi-channel experiences to customers; and
enforcing customer trust and loyalty by managing customer privacy and considering customer preferences (Ping Identity, 2016).
Business leaders entrust their security teams to protect customers’ privacy and protect them from fraud and other malicious activities. To do this, security and risk professionals must implement solutions that authenticate customers’ identities across all channels – digital and non-digital – and help the firm manage to get access to services and sensitive data. To increase customer experience and loyalty, customer identity and access management (CIAM) should be considered. Digital transformation has become pervasive across many industries, but limited CIAM capabilities are slowing its pace. Therefore, the main purpose of this study is to answer this research question: What are the main dimensions of a conceptual CIAM framework? This question is more important when considering that enterprises cannot move forward until they are able to manage and secure the vast amounts of identity data that digital business generates and uses across varying technologies and limitless application locations. Further, enterprises are expected to provide a superior customer experience, while addressing security and privacy concerns that pose the significant potential to negative ramifications.
2. Customer identity and access management
As today’s hyper-connected customers use mobile apps to transact business online, as well as use self-service Web portals, kiosks and connected devices, they expect a secure and exciting experience. Now customer and customer identity (Gilbert, 2014) is one of the most critical issues that play a vital role in providing a consistent, unified experience across these channels. But managing customer identities to ensure that their experience is not clunky or insecure is important. When IAM cross mind, there is a huge difference between customers and employees. Unlike employees, customers are able and can switch to a competitor easily if they realize that their expectations are not met. CIAM solutions have some benefits which cannot be addressed by traditional IAM solutions. Security, ideal customer experiences and the ability to support digital services across multiple channels with sufficient scalability and performance are some of them. Understanding the opportunities of implementing CIAM may seem like a daunting task (Ping Identity, 2017). Reed and Forehand (2016) propose six processes for consumer identity in their framework. These processes are shown in Figure 2 and are as follows:
adoption – the process of bringing a new identity into the self-schema;
reinforcement – the process of strengthening an identity over time;
dilution – the process of weakening an identity over time;
elevation – the process of increasing the prominence of a given identity within a hierarchy of identities;
suppression – the process of reducing the prominence of a given identity within a hierarchy of identities; and
expulsion – the process of dispossession of an existing identity (Reed and Forehand, 2016).
CIAM can provide enough security if it is designed and implemented in a strong way. In addition, it can affect customer experience and increase customer loyalty. Enterprises always attempt to reach a suitable balance between seamless customer experience and an acceptable level of security. The exact requirements of customer identity, such as scale or multichannel interactions makes necessary the development of CIAM in an enterprise which is completely distinct from traditional solutions for employee’s IAM. As enterprises are willing to connect with their customers across multiple channels, the applications that run them should be developed in a wide and unlimited business environment. They are often offered by a third party, which presents a new set of IAM and security challenges (Ping Identity, 2017).
Looking at business requirements, before initiating functional and technical requirements, is a key point. One of the critical values in a well-designed and established CIAM solution is its scalability across the entire enterprise, alleviating the pain of multiple customer identity silos in different stores and databases. There are six often-mentioned business initiatives driving the need for CIAM which are as follows:
Digital business transformation: Digital transformation has become increasingly vital for today’s organizations seeking to survive and gain competitive advantages in a digital economy (Yang Liu, 2012). It is predicted that by 2018, 67 per cent of CEOs of Global 2000 enterprises will have digital transformation at the center of their corporate strategy. Digitalization of governmental services and transactions is done to reduce costs and increase efficiency in services delivery, but most importantly, by the need to reduce fraud (Clare Sullivan, 2016). In this environment, CIAM is certainly a key enabler for digital business strategies, because it manages customer interactions across all business channels.
Increasing security threats: Today, identity-centric security goes beyond protecting data at the perimeter with a firewall. It can protect data everywhere which is so useful for multi-channel business strategies in a way that makes policy for different communication channels.
Adoption of the internet of things (IoT): The most important purpose of IoT is that everything (e.g. machines, appliances, computers, humans) is accessible, sensed and interconnected through the wide structure of internet (Farash et al., 2016). CIAM features such as scale and security are so critical for supporting IoT initiatives. As companies are looking to offer innovative IoT products and services (Valmohammadi, 2016), CIAM helps toward managing and securing interactions between devices and humans.
Privacy regulation compliance: Privacy refers to the ability of people to protect information about themselves (their own information). Privacy is a challenging concept in identity management, as identity management systems share sensible identity attributes, which is called personally identifiable information. There are concerns regarding these systems, such as, privacy, data protection, information exchanged between different domains, consent from users and control of credentials (Werner et al., 2017). As customers share more data with more organizations, data privacy is a growing concern. As a consequence, the regulatory scope is rapidly evolving and creating a complicated environment that varies across geography and demographics.
Development of mobile apps: Advancements in computing, communicational devices, as well as network connectivity is transforming the usage of desktop computers to mobile devices. This reality implies the increase in sensitive data stored on this platform (Teh et al., 2016). In addition, mobile devices could be easily lost or stolen and therefore, they are easy to compromise (Khalil et al., 2014). Mobile applications support customer experience across all business units and also offer the opportunity to centralize CIAM initiatives and are capable of integrating most of the customer processes into management of customer data.
Partnerships and acquisitions: The integration of multiple Web apps for an enterprise require different levels of authentication. In addition, third-party applications often require access to customer data, as today data often needs to be shared or migrated across organizations, Web properties and applications (Ping Identity (2016).
Nowadays, customer identities and related data are becoming more important and influential as transformations in business environments and rapid changes in the use of mobile, cloud and social technologies occur. Previously, enterprises used to apply user names and passwords to authenticate users and also provide access to online services. This method was not so useful and did not provide adequately flexible tool for delivering services to customers. CIAM solutions emerged to support managing the company’s master data management toward enabling companies to present profile and preference information seamlessly to the customer. The contextual preference data then allowed for more targeted marketing and promotions and increased brand loyalty, which is an indication of knowing the customer. Therefore, customer knowledge management (CKM) has an important role which needs to be considered. CKM is the application of knowledge management processes and tools to support the exchange of knowledge between an enterprise and its customers (Kolbe and Geib, 2005; Rollins and Halinen, 2005; Rowley, 2002), enabling companies to formulate appropriate business policies (Rowley, 2002; Su, Chen and Sha, 2006). CKM can be considered as the processes to capture, share, transfer and apply the data, information and knowledge related to users or customers. This relationship is mutually related to customer and organization (Zhang, 2011).
In the field of CKM, three kinds of knowledge related to customers are considered – knowledge for the customer, knowledge about the customer and knowledge from the customer – which are explored in more details as follows.
2.1 Customer knowledge
Customer knowledge is at the heart of most improvements and customer value (Rowley, 2002). Rowley (2002) argues that customer knowledge is an essential and influential asset for any enterprise, because it enables them to create value and competitive advantage. Dobney.com (2008) defines customer knowledge as “collection of data, information, and insight that need to have to build stronger customer relationships and communicate with them in an intelligent manner.” Customer knowledge can be classified as knowledge “for,” “about” or “from” the customer (Maswera, Dawson, and Edwards, 2006; Salomann et al., 2005; Su et al., 2006).
2.2 Knowledge “for” customer
Knowledge for customers is a knowledge which a company has and can be delivered to its customers as an extra value component toward satisfying the need of customers’ knowledge, for instance, through educating customer (García-Murillo and Annabi, 2002; Gibbert et al., 2002; Rowley, 2002). This kind of knowledge is seriously valuable as it enables tapping the knowledge sources of the customer and therefore affects the reasons behind customers’ buying decisions (García-Murillo and Annabi, 2002). Data, information or knowledge for customers can be extracted from other users or customers, consulting firms, competitors of enterprise to meet knowledge or information needs of customer (Shamizanjani et al., 2008).
2.3 Knowledge “from” customer
Knowledge “from” customer is any kind of information consist of ideas or thoughts, that organization receives from its customers regarding data which are generated from customer activities like the preferences, creativity or consumption experience of specific products or services (Desouza and Awazu, 2005). It is the customer’s knowledge of products, suppliers and markets.
2.4 Knowledge “about” customer
Knowledge “about” customer is a kind of customer knowledge which a company attempts to gain to analyze and better know its targeted customer. Companies not only extract knowledge about customers but also purchase data, information and knowledge about customers for example knowledge about customer characteristics and preferences (Shamizanjani et al., 2008). To build a robust and comprehensive CIAM model, CKM and three kinds of customer knowledge should be considered.
3. Identity and access management vs. customer identity and access management
IAM includes the processes which are used to manage access to different resources. This is possible by verifying the identity of an entity, after verification of identity the access is granted at the proper level according to the policy of protected resource (Sharma et al., 2016). IAM is a critical part of an enterprise IT infrastructure. It is a cross-functional process consisting of traditional security modules which help to protect against unauthorized access to information resources and can be systemic and benefit more from dynamics to increase efficiency and effectiveness. Proper functioning of IAM is critical as it proves and monitors which users can access what kind of data and determines whether that access is authorized or not (Bradford M, et al., 2014).
One of the most important difference between IAM and CIAM is that IAM is an enterprise solution and is also applicable as an internal IAM solution while CIAM is an external IAM solution (Gigya, 2017). CIAM is one of the most critical and influential enablers for the formulation of digital business strategies because it covers positive customer interactions, scale and customizations across all channels required for digital transformation (IDC, 2017). IAM solution usually focuses on lower level issues of enterprises, while CIAM solution has a significant impact on upper level issues. By implementing CIAM, the goals of the business teams which have a supporting role and digital business initiatives are aligned. CIAM is essential to a modern digital business strategy. Managing customer identity is different from handling workforce identity. Legacy IAM systems that were built for workforce identity management simply cannot meet CIAM requirements. There are different approaches to CIAM and choosing the right one for a business will have a critical impact on how to engage customers as well as critical factors such as cost, scale, performance and security (Forrester, 2015) (Figure 3).
Traditional IAM solutions have primarily focused on managing employees and partners. This is because business units, not the security team, were responsible for managing consumer interactions. This led to separate identity silos in organizations and different solutions. The different consumer requirements for IAM make most traditional employee IAM solutions a poor fit for customers because:
Although customers can go elsewhere, employees do not always have that option. If CIAM processes are cumbersome, customers will switch to your competition where these processes are more streamlined or easier to use. The same is not true of employees: Very few employees leave their employer because business-to-employee IAM processes are archaic or hard to use.
Enrollment processes are fundamentally different. In IAM, the employer is responsible for creating the user’s identity and accounts, but in the customer space, the customer generally creates his or her identity, which means that firms can spend more time validating and verifying the identity instead of creating the identities.
CIAM access governance processes mainly tie to marketing not security. IAM spends a lot of resources on access governance (e.g. periodic audits and access recertification). In CIAM, attestation processes are usually suppressed or put on a back burner because marketing does not want security to hurt their goals by revoking certain access rights or privileges from customer accounts.
Solution sets for IAM and CIAM do not align. The ability to help maintain a consistent user experience is what drives a lot of interest in CIAM solutions, when IAM is successfully deployed for employees. The demands and needs of customers are very different that they need an alternative solution, one that can more closely align with business and marketing and deliver the capabilities needed for a unified cross-channel view across disparate applications and Web properties.
CIAM has a greater need for scalability than IAM. Although many firms have successful enterprise-wide employee IAM deployments, and they reach to tens or hundreds of thousands of active users; the user populations of leading online consumer properties are 10 to 50 times larger. This creates numerous architectural challenges, as CIAM solutions must be able to support login flows and personalization and preference management for hundreds of thousands, even millions, of online consumers.
Customers still want to maintain some level of control over their identities. Regarding employee’s IAM, the security teams create centralized security and privacy policies that they propagate to employees. In CIAM, customers want and expect to be able to control and manage how firms use and share their personal information (Forrester, 2015).
4. Requirements and features of customer identity and access management solutions
CIAM requires capabilities that are entirely different from traditional workforce identity management. In addition to the larger number of customer identities compared to employees and partners, ensuring on the criteria such as, availability, security and privacy and regulatory compliance are more complex in customer use cases, particularly in omni channel digital business. CIAM is a critical strategic tool for helping marketing and business leaders boost bottom line by delivering personalized customer experiences across multiple channels, apps and devices. Many organizations are limited by build-it-yourself and legacy workforce IAM systems that cannot handle the scale and complexity of CIAM. That is why IT leaders are looking at purpose-built CIAM solutions that can support digital business initiatives, such as launching new customer-facing apps, personalizing offers and services, improving data security and capturing and adhering to customer privacy and communication preferences. When it comes to customer, IAM usability is not the only consideration – although it may be the most important issue. This list is not intended to be comprehensive, but these are the seven primary requirements of CIAM:
Benefit from a great user experience is an important aspect of customer IAM. Customers can make a decision to do business or not. If the process is so complicated, customers would choose another SP.
4.2 Ability to scale up
Infrequency and unexpected usage are one of the features of customer identity solutions. But this solution must be able to scale up in the event of users increase. Agile IAM solutions must be able to meet the elastic demands of customer-facing applications.
CIAM solution plays a key role in delivering a consistent experience across different channels, making it easy for customers to stay engaged as they interact with SPs across the Web and mobile browsers.
CIAM solution mainly influences the bottom line of the enterprise. There are some ways to maximize conversion rates. For instance, it would be possible to minimize friction points and simplify everything from initial touchpoint through the password recovery and everything in providing service process.
4.5 Unified customer view
When an enterprise establishes new channels for delivering services, a single customer would exist in multiple properties and directories. Appropriate CIAM solution is capable to provide a unified view of the customer across all these channels. As a result, effective marketing strategies can be applied in the enterprise.
Security is one of the most important issues which is increasingly protective of personal data. CIAM is the core of a strong security arm, allowing enterprises to proactively manage and mitigate risk and provide the customer with a higher degree of confidence.
Surely customers are concerned about how their personal data is stored, used or shared. This issue could initiate a stream for the establishment of new regulations to enforce privacy. CIAM solution plays a critical role in ensuring compliance with privacy regulations and other related policies (Ping Identity, 2016).Based on the above-mentioned discussion, in this study based on a qualitative approach, namely, content analysis, an attempt is made to propose a suitable conceptual CIAM framework to introduce the different dimensions of CIAM toward exploiting them in organizations.
5. Research methodology
The study as mentioned above uses a qualitative approach (Polit and Beck, 2008) using qualitative content analysis as described by Graneheim and Lundman (2004). Content analysis is commonly chosen when the researcher wishes to distill words into fewer content-related categories to explore whether the categories share the same meaning (Cavanagh, 1997). Because a text always has multiple meanings, qualitative content analysis will include both description (the manifest level) and interpretation (the latent level) (Graneheim and Lundman, 2004).
5.2 The experts
The experts were recruited from some companies in the field of IT and cyberspace and all of them had sufficient and suitable work experience in the domain of this study. All of the experts are familiar with IAM and customer relationship management (CRM) and also cyberspace in a way that they were extremely eager to participate in this research despite the fact that they were very busy. In addition, they are in charge of their companies in the mentioned fields. The experts were selected using purposeful sampling. And before starting the interviews, the aim of the research and other necessary information were explained to them. The intention was to encompass a wide range of experiences and perceptions. In this research, some primary characteristics to consider during the selection of experts are (Asgharpour, 2013): (1) dealing with IAM and CRM discussions; (2) being consistently aware of information on IT-related projects in the Iranian industries; (3) motivation to cooperate in the Delphi process; and (4) belief in the importance of information obtained through collective agreement. Table I demonstrates profile of the experts.
5.3 Data collection
All the experts completed the brief interview questions, and a subsample of the experts continued to the full interview questions based on their availability and engagement in responding to the initial brief interview questions. Full interviews were conducted until data saturation was reached for additional questions. Data were collected through semi-structured interviews (Polit and Beck, 2008). Interviews were guided with open questions such as:
How do you experience the IAM with customers?
What could be considered as a facilitator for gathering and analyzing customer identity?
Tell me about the importance of CIAM and the role of it on business.
What is your opinion about separation between customer identity and customer access?
The interviews were digitally recorded with permission from the experts and transcribed verbatim.
5.4 Data analysis
Data from the semi-structured interviews were analyzed using a mixed-methods approach of descriptive analysis of responses to close-ended questions and qualitative content analysis of open-ended questions. The purpose of qualitative research is to understand the experiences of individuals as they encounter specific situations in life (Elliott et al., 1999). Qualitative content analysis is used to inductively generate meaningful categories and provide organization of data from the entire group of participants (Sandelowski, 2010). These categories can be transferred to other populations at the discretion of the providers working with a similar population or other populations (Shenton, 2004). For this study, the authors reviewed all the interview transcripts and generated content categories with accompanying definitions. Data were then coded by category within each content category and were summarized.
Meaning units consisting of the same central meaning were then extracted from the interviews and condensed into smaller units of text while preserving the core of the meaning units. The authors then discussed the meaning units for further categorization. The condensing units were then grouped into codes holding descriptions on a higher level of abstraction and categories and sub-categories were created. Finally, the main theme, themes and sub-themes were identified which are shown in Table II.
6. Findings and analysis
The main themes of overall interviews are customer identity management (data Collection and aggregation and also customer profile management are identified themes), customer access management (services access policies and services access facilities are themes identified for this main theme), IT (operation, integration of customer data and IT supportive policies are themes for this main theme) and business management (CRM and business enforcements are themes in this section).
6.1 Customer identity management
During the interview, the experts explained topics related to customer identity management. Data collection and aggregation is a theme.
6.2 Data collection and aggregation
Nowadays companies are trying to use different tools and technologies to make a relationship with their customer. The power of these technologies in cyberspace has increased the capabilities of companies toward getting access to more valuable data of customers which was impossible before […]. Imagine social networks like Facebook. Given, Facebook as the most powerful social network which is able to collect lots of user’s information, companies can benefit from this information in order to collect data from their current users or new users and know about the user’s preferences and behavioral intentions (Expert 1).
Progressive Profiling is one of the methods of gathering customer dynamic data. Progressive profiling uses dynamic forms to gradually gather demographic data and preferences over time. Rather than asking a customer to fill out a form with 10 required fields, you may only ask three to four questions initially and use subsequent forms at different points along the customer journey to gather the additional data you need (Expert 2).
These two interviews helped authors to consider customer new data in CIAM:
Most organizations are using different channels to collect information about their customers. For example, data stored in CRM software or contact centers or forms by a user of websites or other resources have valuable information […] the art of integration or aggregation of customer data that is almost stored in various databases in silos can enable organizations to get access to big data as an oil! (Expert 3).
In order to aggregate customer data, it’s possible to utilize Third-party Application Integration. Based on this view, Identity data synchronizes bidirectional between the user profile and third-party applications (such as a marketing system, CRM systems, directories, databases and a variety of other applications) […] (Expert 1).
In this interview customer old data was another important concept which is related directly to customer identity management.
6.3 Customer profile management
In cyberspace, it is so important to know how to proceed the identification process of users. Some companies use their own identification procedures to register users and proof their identities. Some of them benefit from partners and use their data form to know, identify, and prove the identity of customers […] (Expert 3).
The emergence of technologies such as biometric sensors and high-resolution cameras in Smartphones provide an opportunity for evolved identity proofing methods. When it makes sense to apply additional techniques to ensure the authenticity of the user, identity proofing can be employed. The most common types of customer identity proofing are email verification and knowledge-based authentication. In Email verification, for verified User an automated email is sent at the time of registration, containing a link that redirects the user back to the website to finish the registration process. In addition, in Knowledge-based Authentication, we require the knowledge of private information of the individual to prove that the person providing the identity information is the owner of the identity (Expert 1).
Customer identity proofing is a subset of customer profile management which was extracted here:
Users are able to use tablets, smartphones, laptops and other devices in their home and workplace as well. They take advantage of BYOD (bring your own device). Habits, cultures and other factors are affecting tools people try to use. […] So companies are facing difficulties! They should arrange their policies are marketing and sales channels in order to fulfill a customer need whilst considering their preferences in utilizing different IT tools. Obviously in each channel users should be authenticated. Method of authentication depends on the specifications of channels and the strategic importance of them in business (Expert 4).
Username/password is a standard authentication mechanism available in all CIAM solutions. Most users suffer from password fatigue and would prefer other authentication methods […]. Social login, or allowing customers to log in using their social network credentials, is a popular method. Further, Support for Facebook and Google account logins are nearly ubiquitous, and other social networks such as LinkedIn and Twitter are common choices as well (Expert 5).
Customer authentication in multiple channels in another sub-theme for customer profile management according excerpted from the interviews:
Customer is King! Companies should attempt to meet the needs and preferences of the customers and offer products and services that they like to use. Services should be customized or personalized for each of customers in cyberspace in order to increase the switching cost of the customers. As a consequence, users’ tendency to be loyal to the company increases. […] Another thing to consider is that customer needs are changing all the time in cyberspace. Dynamic nature of customer’s need and preference make companies to apply strategies toward personalization of users (Expert 4).
In one of the experts’ viewpoints, personalization and preference management should be considered in customer profile management.
6.4 Customer access management
In the following of the interviews, the experts described topics related to customer access management. Access here means all information, services and products which are delivered to the customer to create value.
6.5 Services access policies
According to “prevent identity fraud and abuse of identities”, security policies should be updated and in order to make sure that the identification and authorization process is done in a high security manner. Using SSO (single signs on) or strong authentication policies like multifactor authentication or OPT (onetime password) are a suitable way to secure these processes and build trust between two parties which are going to make a relationship with each other and perfume e-payment transactions. Also, biometric data of user, especially fingerprint is more used in internet authentication solution, such as in banking services or other financial institutions (Expert 6).
Traditional authentication mechanisms, such as passwords and PINs, are fairly weak mechanisms for controlling access to critical resources and excluding unauthorized users. Because mechanisms which utilize only one “factor”, such as a password or PIN, are increasingly easy to subvert. And it is essential to consider using multiple mechanisms and/or channels to strengthen security. For instance, an authentication attempt that requires a password to be entered may require verification by means of entry of a one-time password, on another channel, which is delivered to the user’s registered mobile phone […]. Multi-factor authentication requires the combination of multiple authentication factors, including at least two of the following: Something you know (e.g. a password, a PIN), something you have (e.g. mobile device, token, smart card) and something you are (e.g. proven by a fingerprint or iris scan). Two examples of strong consumer authentication can be found with Google and Facebook. Both support a second authentication factor when you try to access your account from a new device (Expert 6).
Authentication policies are one of the most important subthemes of service access policies which elaborate on ways, tools and technologies related to customer authentication:
User should be able to access services while the authentication process is done. To achieve this end, credentials or tokens should be used. Security, privacy, convenience and interoperability of tokens are important for almost all web sites or service providers. Making a suitable decision in order to select and use tokens accepted by users is of high importance […]. Credential like Smartphone tokens and NFC technologies are some example of tokens. But it’s important to notice that according to the recent researches, username and passwords won’t be usable in near future, since remembering lots of passwords for different and various e-services is not easy! (Expert 5).
There is a range of authentication channels to be selected by the user about his or her personal preferences within risk-based constraints. The user could be given the flexibility to choose from an available selection of channels and mechanisms which will be combined to achieve successful, secure and flexible authentication. Such a mechanism can be associated with a secured resource and thus improve the security of the access mechanism. Selecting the mechanism of customer authentication channel would be personalized by users (Expert 1).
Tokens are credentials which are used to identify and authenticate users in cyberspace. Thus it could be concluded that having suitable tokens policies is very important.
6.6 Services access facilities
I think one the most important concerns of a customer is how to prepare security options for receiving e-services […]. In cyberspace security of access is a challenge for service providers which force organizations to use hardware and software solutions towards building trust between user and service provider and also partners. Hence, multi-channels and cloud based platforms which store and reuse customer data, obligate companies to look at the security from a new point of view […] (Expert 3).
Maintaining access security in cyberspace for users is an influential subtheme for services access facilities:
I believe in personalized services. In customer identity and access management, customer identity assures that each behavior of the user in followed and tracked and the requirements of users are updated. Access management benefit from customer identity to clarify and demystify their desired access to services. As a result, CIAM has two important functions: updating customer requirement engineering and providing access to customized services (Expert 2).
Customization of products and services is one of the main purposes of CIAM which should be considered as a subtheme in services access facilities.
6.7 Information technology
Based on the interviews held, the experts considered IT. The operation and integration of customer data and IT supportive policies were extracted as the themes of IT.
Gartner researches indicate that by the end of 2018, about 70% of companies will use Cloud computing to store their data and for information resources purposes. Using cloud computing can improve organizations capabilities to access customer information and also help users and other stakeholders to get access to services and information (Expert 6).
In an ever-increasing competition environment and when security and privacy is a matter of high criticality, some organizations are reluctant to share their information on cloud platforms to decrease the misuse or abuse of sensitive information of customers. In this way, these companies prefer to pay more cost for the establishment and maintaining the required facilities to proceed with the on-premise approach (Expert 5).
Making decision whether to use cloud computing or on-premise is a strategic decision toward benefiting from CIAM.
6.9 Integration of customer data
Customer data is stored in a variety of ways and databases. For example, websites, blogs, social networks, Smartphone applications, CRM databases and […] each of these resources has got a special value for a part of the business. But when we are talking about the customer identity, integration and aggregation of customer data, all of the mentioned resources are important. As a matter of fact, the art of aggregating customer data creates a special value for companies who are seeking to take competitive advantage over their rivalries in the market […] information technology tools and dashboards should be synced, harmonized and interoperable with each other in a way that creates this value (Expert 2).
In my viewpoint cognitive science and technologies, analytical tools and prescriptive technologies help to analyze and go for deep investigation into data and reach to optimized results and knowledge about the customer. Big data analyzing tools, data mining, and web mining technologies could solve some parts of this problem (Expert 4).
Aggregation and customization are two important items which enforce enterprises to use IT tools to formulate policies about integration of customer data and use it. Also, information integrity is a vital step in this section. Gathering a variety of data and information about user or customer is so important. But the integrity and validity of the information is vital and influential. It means that if incorrect or inauthenticity data be considered as the basis of computation, the CIAM system will not help the organization to accomplish its set goals. As a matter of fact, a pre-process of customer data is necessary and it should be done before the usage and consider data as a valuable and effective component. Therefore, it is important to take to account the following points:
A well-established mechanism should be applied to separate and omit invaluable or incorrect data at the first step of entering the data in the CIAM system.
Old and new data of customer should continuously be monitored according to the new data gathered. This work is actually possible based on the behavior of the customer in cyber channels. In fact, customer behavior data is real data about a customer in cyberspace. Information integrity will be acquired in a more effective way through customer data behavior. This should be carried out through techniques like data mining or more advanced technologies like artificial intelligence. In other words, customer data will be more valuable during the time, as a real data profile regarding each user is created and it would be capable to show a comprehensive view of customer’s preferences, priorities and other related information which is valuable for the organization.
6.10 IT supportive policies
Privacy has been one of the most important challenges in cyberspace for users and e-service providers as well. Every day a lot of data about users in cyberspace are stored, analyzed, shared and used. Almost all countries with different cultural backgrounds and law enforcement, consider privacy concerns of users […] there are some technologies which are applied to obtain privacy mechanisms. For instance, privacy enhancing technologies (PET) are used to help users use anonymous identities when they forget their password to get access to online services. There are other methods to obligate service providers to be compiled to get the permission of users to access and use their data in each field of service (Expert 6).
Privacy pertains to the ability of citizens to opt in or out of digital public services. Innovations cannot be mandated, but citizens must retain the right to select the services they wish to use, or with which they like to engage. With the advancements of technologies in the field of CIAM or other fields, IT through other technologies should support the privacy of users in the cyberspace (Expert 3).
Privacy management is one important pillar of every system in cyberspace which must be considered to obtain the tendency and acceptance of all users:
Security technology solutions have entered to a new transformative paradigm. In traditional solutions, using firewalls, security protocols and other related technologies were popular. But the game has changed! Today we are facing user-centric security management which put the user at the center of the security policies and technologies. User behavior analysis is one of the new ways to monitor and control the actions and behavior of users and do suitable reaction if any risky behavior happened. So all hard and soft technology policies should be considered in cyberspace when facing customer data (Expert 1).
While there are numerous benefits to businesses that implement CIAM, there must always be mindful of security risks. Motivations and goals for attacks on systems like CIAM will vary depending on the usage, as will the Tactics, Techniques, and Procedures employed by malicious actors involved in possible attacks […] in addition, Innovation cannot be deployed without ensuring the security of the interactions and stored content, e.g. users' profiles and preferences, or personal data, choices, and activities. Without security there can be no trust in the digital public services or infrastructure, leading to the non-use of the services (Expert 2).
Security is another important pillar of systems such as CIAM from the experts’ point of view.
6.11 Business management
The experts clarified topics related to business management, CRM and business enforcements, as follows.
6.12 Customer relationship management
I believe that CIAM has changed the marketing process since getting access to user data in various ways is possible now. Companies share customer data with each other, sale them in different formats and for special purposes. Digital transformation has a profound impact on relationships between bossiness and customers. Mobility, sociability, big data, cloud computing and also internet of things are a game changer in marketing management. Methods of marketing, advertising, delivering services to users are all based on customer data (Expert 5).
Thanks to cyberspace evolutions, new business models are emerging. Identity economy and identity industry are concepts which imply that user data is an oil well. Considering this discipline, data itself is a good or service which affects sales strategies to add some new business alternatives or change partners and revenue streams. Customer identity is a good market opportunity for companies which attempt to facilitate their sales processes […] (Expert 3).
Marketing and sales management are two primary processes related to CRM systems which were mentioned here as subthemes of CRM.
6.13 Business enforcements
Privacy policies in business is one of the ethical issues which enhances customers’ trust against organizations. That shows how a service provider ensures that the user’s data is kept safely during a business transaction. Maintaining the private and sensitive personal information of customers, especially financial and health information is of high priority in relevant businesses. Advocacy of user in privacy policies and sound enforcement is one of the methods of building trust in businesses (Expert 4).
Consumer privacy, or consumer rights means they have control over every bit of their personal information that they share with service providers. Privacy laws and regulations are in a state of flux over the last two decades since the advent of e-commerce. Almost all service providers and organizations with an Internet presence have privacy policies developed in accordance with the relevant laws and regulations of the jurisdiction in which they reside. So privacy about the user data in CIAM or other e-business systems should be considered seriously (Expert 2).
In a business environment, privacy management is an obligation or enforcement that should be considered in practice by management in the field of CIAM or even other business fields.
In this research, customer identity management was identified as one of the most important factors of CIAM framework. Customer identity management comprises all of the technologies that have evolved in enterprises, and in most cases takes advantage of them in line with the business ecosystem. CIAM puts customers at the center of the enterprise and getting access to applications, live data, and synchronizing and aggregating data across disparate sources is possible by using it. CIAM introduces a new generation of customer management (IAM cloud, 2017). Data collection and aggregation are the most important pillars of customer identity management. Data aggregation from multiple sources such as user profile, multiple account records, third-party databases and marketing systems into a single repository is a critical task in organizations (Ping Identity, 2015). As the customer’s identity data is the heart of a CIAM solution, it is managed through customer profile management. It also includes data provided by customers through the registration and preference management process. Preference management should be customizable in a way that allows the IAM team to determine the shape and make sense of the workflows, and the gathered and stored data within the customer profile (Ping Identity, 2016). Profile management is focused on managing the life cycle of the user’s identity data and includes capabilities such as creation, validation, augmentation, maintenance, usage and end of life (Forrester, 2015). Customer identity proofing is one of the sub-themes of customer profile management. National Institutes of Standards and Technologies (NIST) declares identity proofing is used to establish the uniqueness and validity of an individual’s identity to facilitate the provision of entitlement or service and may rely upon various factors such as, identity documents, biographic information, biometric information and knowledge of personally relevant information or events. With the increased ability of malicious actors to gain access to data that was once considered private, the efficacy of proofing methods that rely on private data declines (NIST, 2015). This is important for fraud prevention purposes and is often triggered at the time of account creation. CIAM offerings should deliver integration with identity-proofing and assurance services to reduce fraud during account sign-up, but they also need to provide it in a nonintrusive manner (Forrester, 2015). The diversity of tools and channels to make a relationship with users is considered in this theme, too. Karen Renaud, et al. (2007) suggest that as more and more critically confidential information is managed electronically by distributed information systems, efforts to gain unauthorized access to that information become more prevalent. Accordingly, Al-Fairuz and Renaud (2009) argue that multi-channel authentication can meet different needs, depending on the business type and security levels required. Email applications, as an example, might require multi-channel authentication to be applied as the primary authentication level.
Personalization and preferences management is another aspect of customer profile management. Preferences management provides user-centric controls at an application level that determine how users want to interact with a given vendor’s services and products. Preferences can be indicated across a wide range of aspects including communication channels and product interests (Forrester, 2015). Tapucu et al. (2008) argue that as preferences are naturally personal constraints, personalization provides support to satisfy the user’s preferences. Preferences are data on the domain model. Preferences can be an entity, a range of properties, a class or a selection of all.
Customer access management was recognized as another main theme in CIAM. Information Technology Infrastructure Library believes that access management is the process of granting authorized users the right to use a service while preventing access to non-authorized users. Access management can also be referred to as the rights management or identity management (ITIL, 2015). “Services access policies” and “services access facilities” are the themes of customer access management. “Access security” and “customization of products and services” are related to “services Access facilities.” Services access policies contain “tokens policies” and “authentication policies.” In this regard, Ping Identity points out that authentication beyond the scope of a username and password is a requirement for an increasing number of CIAM use cases, but striking a balance between strong security and user experience is tricky. Strong authentication for consumers must introduce the least amount of inconvenience and cover the broadest range of access methods and devices (Ping Identity, 2016).
IT is the third main theme of CIAM. “IT supportive policies”, “integration of customer data” and “operation” are three themes in this main theme. Cloud computing allows the delivery of IT services in a standardized way. It also optimizes the procurement of IT services from both external and internal providers. As a matter of fact, a spectrum from shared applications to virtual servers hosted internally is delivered (Kuppinger, 2011). Security management is one sub-theme in IT supportive policies. Security focuses on the protection of content, whereas privacy pertains to the ability of citizens to opt-in or out of digital public services (Carlo Bertot and Estevez, 2016).
Business management is the last main theme of CIAM. Understanding and accounting for the goals of a business, marketing and IT will yield the best results for the organization as a whole. And implementing a CIAM solution may seem daunting, but it is necessary (Ping Identity, 2016). Business management and CIAM work with each other toward maximizing organizational profit and help organizations take a competitive advantage in the market. Enterprise’s interaction with current and potential future customers is one of the most important aims of CRM (Valmohammadi, 2017). This solution potentially is applied to attract and retain customers and maximize their lifetime value. In this regard, a close relationship with customers will be built through strong coordination between IT and marketing strategies in the organization (Onut and Ibrahim et al., 2001). Marketing and sales management are two subgroups of CRM solutions. Marketing management is a process of keeping marketing activities up-to-date (Kotler, 2012). “Sales management” is referred to the direction of sales force personnel. But today, the sales management applies to the management of all activities in the field of marketing, advertising, sales promotion, distribution and pricing (Singh Kundu, 2015).
Privacy management is a sub-theme of business enforcement theme. Privacy management in the CIAM solution needs to empower consumers to determine how personal data is collected and used, including opt-out options for marketing emails and sharing attribute data with third parties. In the management of consumer identities, authorization to share data is often delegated, rendered at runtime and at large transaction volumes. In large enterprises with customers in multiple geographies, tracking compliance with the different privacy mandates demands a central CIAM approach (Forrester, 2015). Finally and based on the extracted themes in Table I, a conceptual framework is developed titled “customer identity and access management framework” or “CIAM framework”. The purpose of this framework is to provide a comprehensive view of CIAMs main concepts and factors and also the probable relationship between them. This framework is shown in Figure 4.
The main components of this framework are customer identity management, customer access management, IT and business management. Customer identity management and customer access management should be considered and formulated based on specific policies involving both of them. Also, IT and business management have a close relationship with each other in a way that formulating business and IT policies should be elaborated to fulfill the requirements of customer IAM.
Therefore, all of the items mentioned here, are under the umbrella of CIAM governance. Governance is a set of policies, procedures, practices and organizational structures which ensure the accomplishment of strategic goals of organizations. Accordingly, identity and access governance consist of a set of policies, procedures, practices and organizational structures that together are aimed at ensuring that the management of identity get access to the applications and information according to the set strategies and controls. The objective of identity and access governance is to manage risk and ensure compliance with laws and regulations (Mike Small, 2011). In customer identity and access governance, standards, policies, procedures, priorities, regulations and other internal and external policies of CIAM are identified to implement CIAM in an enterprise or a wider scope, efficiently and effectively. Deep analysis and using business intelligence (BI) tools is used to make a relationship between customer identity management and customer access management. IT plays the role of an enabler toward facilitating their processes. It is noteworthy that BI should be applied to CIAM given business management policies.
8. Conclusion and suggestion for further research
Despite the fact that there are many different meanings applicable to customer identity, we consider it as a broad and vast spectrum of customer attributes or information in cyberspace (including previous, present or predicting the future behaviors or experiences of customers) in which organizations can access them to optimize delivering goods and service to them.
Identity is defined as any group label by using it a consumer is willing to introduce himself/herself to a clear image of what an individual in that category looks like, thinks, feels and does (Reed et al., 2012).
CIAM is a sub-genre of traditional IAM that has emerged in the past few years to meet evolving business requirements. Enterprises want to collect, store and analyze data on consumers to create additional sales opportunities and increase brand loyalty. IAM system should cover all objects and users which are corresponding to identity context information (Al morsy et al., 2016). Also, CIAM goes beyond traditional IAM which commonly supports some baseline features for analyzing customer behavior, and integrates into CRM and marketing automation systems. CIAM focuses on the connectivity with the customer when accessing any type of systems, on-premises and in the cloud, from registration to track. With CIAM, to some extent, similar kinds of information as in CRM systems can be collected, but the consumers themselves provide and maintain this information.
IAM systems can stand alone and be applicable to their own interface to enable staff to adjust and configure an access or can synchronize with existing CRM systems to verify users and the content that they are authorized to access or modify (Lloyd, 2015). CIAM is a new concept in IAM literature and to the best authors knowledge it is among the first endeavors toward proposing a CIAM conceptual framework. As a matter of fact, in this research, through using a qualitative approach we investigated dimensions of CIAM as a new framework. The subject of the current study is very important and influential. In this research the dimensions and factors of CIAM, namely, customer identity management, customer access management, IT and business management were identified in the framework of CIAM. As a result, the “CIAM framework” seems to be comprehensive in a way that encompasses different types of IAM of customers as a robust and comprehensive typology model.
CIAM can significantly improve users’ experiences, add value, increase brand loyalty and generate revenue. For businesses which require to interact with their customers, CIAM is a necessity and should be considered as a business objective. However, CIAM is not an end per se, it is the technology that enables many other business initiatives. The CIAM market is mature, with many vendors offering standard and deluxe features to support millions of users across almost every industrial sector. IT departments should welcome CIAM initiatives, as they provide an opportunity for IT, which is usually considered as a “cost center,” and closely cooperate with the marketing department toward creating a revenue-producing center.
Finally, to use CIAM framework and put it into practice, it is recommended further research to be done based on the ideas of experts in different fields of knowledge in various industries and in a wider population to customize the proposed framework accordingly. Also, we believe that the use of the “CIAM framework” to compare the capability of companies in managing customer identity and access in private and public organizations could be another avenue for future research. In this study an attempt was made to propose a comprehensive CIAM framework. But to be implemented effectively in organizations, it should be implemented according to the IT infrastructure and the maturity of organizations. Indeed, this framework needs to be implemented based on a precise schedule. As some parts of the framework are currently used by organizations in regular possesses, these parts of CIAM could be improved and replaced by more effective processes and through a precise and comprehensive plan. Therefore, another avenue for future study could be the focus of researchers on the validation of this framework and implementing it in various industries toward achieving a practical CIAM framework for each industry.
Profile of the experts
|Expert||Gender||Age||Work experience||Educational level||Field of expertise|
|1||Male||33||10||MS||Identity and access management|
|2||Female||30||8||PhD||Customer relationship management|
|4||Female||31||8||MS||Identity and access management|
|6||Female||32||9||MS||Identity and access management|
Main theme, themes and sub-themes findings
|1||Customer identity management||Data collection and aggregation||Customer new data|
|Customer old data|
|Customer profile management||Customer identity proofing|
|Customer authentication in multiple Channels|
|Personalization and preference management|
|2||Customer access management||Services access policies||Authentication policies (multi-factor authentication, …)|
|Services access facilities||Access security|
|Customization of products and services|
|3||Information technology||Operation||Cloud computing|
|Integration of customer data||Aggregation|
|IT supportive policies||Privacy management|
|4||Business management||Customer relationship management||Marketing management|
|Business enforcements||Privacy management|
Al morsy, M., Grundy, J. and Müller, I. (2016), “An analysis of the cloud computing security problem”, arXiv preprint arXiv:1609.01107.
Al-Fairuz, M. and Renaud, K. (2009), Multi-Channel, Multi-Level Authentication for More Secure eBanking, in ISSA.
Asgharpour, M.J. (2013), Group Decision-Making and Games Theory with an Attitude of Operation Research, Tehran University Press, Tehran (In Persian).
Bradford, M., Earp, J.B. and Grabski, S. (2014), “Centralized end-to-end identity and access management and ERP systems: a multi-case analysis using the technology organization environment framework”, International Journal of Accounting Information Systems, Vol. 15 No. 2, pp. 149-165.
Carlo Bertot, J. and Estevez, E. (2016), “Universal and contextualized public services: digital public service innovation framework”, Government Information Quarterly, Vol. 33 No. 2, pp. 211-222.
Cavanagh, S. (1997), “Content analysis: concepts, methods, and applications”, Nurse Researcher, Vol. 4, pp. 5-16.
Chen, J., Wu, G. and Ji, Z. (2011), “Secure interoperation of identity management among different circles of trust”, Computer Standards and Interfaces, Vol. 33 No. 6, pp. 533-540.
Desouza, K.C. and Awazu, Y. (2005), “Maintaining knowledge management systems: a strategic imperative”, Journal of the American Society for Information Science and Technology, Vol. 56 No. 7, pp. 765-768.
Dobney.com (2008), “What is customer knowledge”, available at: www.dobney.com/Knowledge/ck_definition.htm
Elliott, R., Fischer, C.T. and Rennie, D.L. (1999), “Evolving guidelines for publication of qualitative research studies in psychology and related fields”, British Journal of Clinical Psychology, Vol. 38 No. 3, pp. 215-229.
Farash, M.S., Turkanović, M., Kumari, S. and Hölbl, M. (2016), “Efficient user authentication and key agreement scheme for heterogeneous wireless sensor network tailored for the internet of things environment”, Ad Hoc Networks, Vol. 36, pp. 152-176.
Forrester (2015), Customer Identity and Access Management (CIAM) Solutions, Market Overview.
García-Murillo, M. and Annabi, H. (2002), “Customer knowledge management”, Journal of the Operational Research Society, Vol. 53 No. 8, pp. 875-884.
Gartner (2017), Available at: www.gartner.com/it-glossary/identity-and-access-management-iam/
Gibbert, M., Leibold, M. and Probst, G. (2002), “Five styles of customer knowledge management and how smart companies use them to create value”, European Management Journal, Vol. 20 No. 5, pp. 459-469.
Gigya (2017), available at: www.gigya.com/solutions
Gilbert, J.A. (2014), “Consumer identity theft prevention and identity fraud detection behaviors: an application of the theories of planned behavior and protection motivation”, (Doctoral dissertation).
Graneheim, U.H. and Lundman, B. (2004), “Qualitative content analysis in nursing research: concepts, procedures, and measures to achieve trustworthiness”, Nurse Education Today, Vol. 24 No. 2, pp. 105-112.
IAMcloud (2017), Available at: www.iamcloud.com
IDC (2017), available at: idc.com
ITIL (2015), “A guide to access management; UCISA”, available at: www.ucisa.ac.uk
Karen, R., Richard, C. and Fairuz, M.A. (2007), “A support architecture for multi-channel, multi-factor authentication”, in IADIS International Conference, Algrave, Portugal.
Khalil, I., Khreishah, A. and Azeem, M. (2014), “Consolidated identity management system for secure mobile cloud computing”, Computer Networks, Vol. 65, pp. 99-110.
Kolbe, L.M. and Geib, M. (2005), “Customer knowledge management”, In Proceedings of the 38th HI International Conference on System Sciences (HICSS).
Kotler, P. (2012), Marketing Management.
Kundu, S.S. (2015), “Sales management: an overview”, available at: www.ddegjust.ac.in/studymaterial/mba/mm-308.pdf
Kuppinger, M. (2011), Understanding Identity and Access Management, Kuppinger Cole Ltd. IT Analysts.
Lloyd, T. (2015), “Access management: the overlooked but critical enabler”, Learned Publishing, Vol. 28 No. 4, pp. 292-297.
Maswera, T., Dawson, R. and Edwards, J. (2006), “Assessing the levels of knowledge transfer within e-commerce websites of tourist organizations in Africa”, Electronic Journal of Knowledge Management, Vol. 4 No. 1, pp. 59-66.
Mike Small (2011), From Identity and Access Solutions to Access Governance, Kuppinger Cole Ltd. IT Analysts.
NIST (2015), “Measuring strength of identity proofing”.
Onut, S. and Ibrahim, E. (2001), “Customer relationship management in banking sector and a model design for banking performance enhancement”, Unifying Themes in Complex Systems IV, Springer, Berlin, Heidelberg, pp. 370-378.
Ping Identity (2016), Collaborate for Customer IAM Success.
Ping identity (2016), “Selecting a customer IAM solution”, available: www.pingidentity.com/content/dam/pic/downloads/resources
Ping Identity (2016), “Collaborate for customer IAM success”, available: www.ciosummits.com/Ping_Identity_collaborate-for-customer-iam-success.pdf
Ping Identity (2016), A Checklist for Customer IAM Success, by Bevilacqua, C. (Ed.)
Ping Identity (2016), “Getting customer IAM right”, White Paper.
Ping identity (2017), available: www.pingidentity.com/en/resources/guides/ultimate-guide-to-ciam.html
Polit, D.F. and Beck, C.T. (2008), Nursing Research. Generating and Assessing Evidence for Nursing Practice, Lippincott, Williams and Wilkins.
Reed, A., II. and Forehand, M.R. (2016), “The ebb and flow of consumer identities: the role of memory, emotions, and threats”, Current Opinion in Psychology, Vol. 10, pp. 94-100.
Reed, A., II, Forehand, M.R., Puntoni, S. and Warlop, L. (2012), “Identity-based consumer behavior”, International Journal of Research in Marketing, Vol. 29 No. 4, pp. 310-321.
Rollins, M. and Halinen, A. (2005), “Customer knowledge management competence: towards a theoretical framework”, Proceedings of the 38th HI International Conference on System Sciences, Big Island, HI.
Rowley, J. (2002), “Eight enhancing questions for customer knowledge management in e-business”, Journal of Knowledge Management, Vol. 6 No. 5, pp. 500-511.
Salomann, H., Dous, M., Kolbe, L. and Brenner, W. (2005), “Rejuvenating customer management: how to make knowledge for, from and about customers work”, European Management Journal, Vol. 23 No. 4, pp. 392-403.
Sandelowski, M. (2010), “What’s in a name? Qualitative description revisited”, Research in Nursing & Health, Vol. 33 No. 1, pp. 77-84.
ShamiZanjani, M., Rouzbehani, R. and Dabbagh, H. (2008), “Proposing a conceptual model of customer knowledge management: a study of CKM tools in British dotcoms”, Proceedings of World Academy of Science, Engineering, and Technology, 28, April, Rome.
Sharma, D.H., Dhote, C.A. and Potey, M.M. (2016), “Identity and access management as security-as-a-service from clouds”, Procedia Computer Science, Vol. 79, pp. 170-174.
Shenton, A.K. (2004), “Strategies for ensuring trustworthiness in qualitative research projects”, Education for Information, Vol. 22, pp. 63-75.
Su, C.T., Chen, Y.H. and Sha, D.Y. (2006), “Linking innovative product development with customer knowledge: a data-mining approach”, Technovation, Vol. 26 No. 7, pp. 784-795.
Sullivan, C. (2016), “Digital citizenship and the right to digital identity under international law”, Computer Law and Security Review, Vol. 32 No. 3, pp. 474-481.
Tapucu, D., Ozgu, C., Okan, B. and Unalir, M.O. (2008), Metamodeling Approach to Preference Management in the Semantic Web, Association for the Advancement of Artificial Intelligence.
Tatli, E.I. and Lucks, S. (2009), “Mobile identity management revisited”, Electronic Notes in Theoretical Computer Science, Vol. 244, pp. 125-137.
Teh, P.S., Zhang, N., Teoh, A.B.J. and Chen, K. (2016), “A survey on touch dynamics authentication in mobile devices”, Computers and Security, Vol. 59, pp. 210-235.
Valmohammadi, C. (2016), “Investigating the perception of Iranian organizations on the internet of things solutions and applications”, Industrial and Commercial Training, Vol. 48 No. 2, pp. 104-108.
Valmohammadi, C. (2017), “Customer relationship management, innovation and performance”, International Journal of Innovation Science, Vol. 9 No. 4, pp. 374-395.
Werner, J., Westphall, C.M. and Westphall, C.B. (2017), “Cloud identity management: a survey on privacy strategies”, Computer Networks, Vol. 122, pp. 29-42.
Zhang, Z. (2011), “Customer knowledge management and the strategies of social software”, Business Process Management Journal, Vol. 17 No. 1, pp. 82-106.
Liu, D.Y., Chen, S.W. and Chou, T.C. (2011), “Resource fit in digital transformation: lessons learned from the CBC bank global e-banking project”, Management Decision, Vol. 49 No. 10, pp. 1728-1742.