Maximizing ROI with Customer Identity: 5 Questions with a guest from Forrester

Product teams are being asked to drive efficiencies and deliver more innovation with less budget, headcount, and time thanks to current macroeconomic conditions. That means delivering innovative product features, driving adoption and keeping users secure while expanding into new geos — and doing all of this faster than the competition.

Customer Identity and Access Management (also known as CIAM) can help Product teams:

  • Drive automation
  • Gain valuable insights on customer usage that inform product development
  • Help keep up with the latest security and compliance regulations

But how do you know when to move to a pre-built identity solution? How can you justify the cost? And how will AI change the customer identity landscape? 

After a recent Okta webinar featuring Andras Cser, Vice President, Principal Analyst at Forrester, we discussed why customer identity is critical to driving business outcomes and what organisations should consider when evaluating whether to build it themselves, or buy a pre-built solution.


Okta: What factors should companies consider when choosing between building their solution or using a CIAM Platform as consumer and B2B SaaS apps continue to converge?

Forrester: We see the following factors influencing decision makers in this space: 1) availability of a CIAM solution that has features to support the entire customer IAM journey including registration, risk based, contextual, multifactor and passwordless authentication, session management, and identity federation, 2) level and cost of existing integrations between CIAM platforms and consumer and SaaS applications, and 3) staffing costs for initial architecture, implementation and ongoing development and support for the CIAM platform.


Okta: What are the risks and benefits of building vs. buying a CIAM platform as companies expand into new markets globally?  

Forrester: Making the build vs buy decision when investing in a CIAM solution is always a compromise. Benefits of an in-house built CIAM platform include 1)) usually lower upfront costs (pick up an open source IAM package and build the CIAM platform around it), 2) tailored fit to business use cases, 3) higher performance in simple application environment, and 4) end-to-end control of the CIAM platform, including what components to deploy and not to deploy in production. Risks of in-house built CIAM platforms are numerous: 1) higher ongoing development and maintenance costs, 2) lack of security and penetration testing, 3) lower sophistication of centralised policy management and reporting than CIAM products, 4) lack of external technical support with guaranteed response times, and, as a result, 5) greater accumulation of technical debt and fragmentation throughout and after the lifecycle of the in-house built product. Benefits of CIAM products are the opposites of in-house built CIAM solutions’ risks, and risks of CIAM products are the opposites of in-house built CIAM solutions’ benefits (see above).

Tipping Point 

Okta: For digital native companies, what will be the tipping point to switch to an enterprise CIAM solution?

Forrester: Imbuing the customer journey into a digital identity context is mandatory: today’s websites and mobile apps, especially for digital native companies have to support customers in their interaction, enrollment, authentication, self-services, and use of the company’s core services – a web site or mobile app with purely informative content (PDFs, textual description of services, etc.) is not enough. The tipping point usually comes as from the combined cost pressures of the following factors: 1) costs of integration of third party apps (portals, customer data management, identity verification, etc.) with the CIAM solution, 2) ongoing labor costs for CIAM and application development and support, 3) compliance/audit findings from internal and external auditors that prove too costly to manage and/or remediate using in-house built tools, and 4) security breaches that force enterprise to rapidly switch to better tested CIAM tools.

The Era of Privacy

Okta: How can a CIAM platform help businesses build trust-based relationships with their customers in the era of privacy?

Forrester: Security and privacy that goes beyond simple policy statements and is supported by technical CIAM capabilities is key here. Trust is always bidirectional: customers need to trust their service provider’s presence (web site, mobile app) and terms of service, and support processes. Service providers have to trust their customer (at all stages of the customer journey, including enrollment, authentication, post authentication, during self services for access credentials recovery, etc.) A CIAM platform engenders customer trust by 1) supporting an invisible, orchestrated identity, 2) offering easy-to-understand enrollment, authentication and self-service processes, and 3) providing clean processes for self-service management of user preferences and consent.

The Future

Okta: How will AI and ML change the CIAM landscape in six months? Over the next three years?

Forrester: Artificial Intelligence (AI) and machine learning (ML) are nothing new but have gotten to new levels of maturity in the last 24-36 months due to rapid advances in computing power. Over the next six months, CIAM solutions will increase the maturity of threat detection and response by shortening the time required for the CIAM solution to automatically build behavioral baselines of individual and peer group user behavior in order to be able to detect account takeovers much more accurately. Over the next three years, CIAM solutions will build on advances in generative AI to 1) take citizen (less mature) CIAM administrators’ natural language instructions and translate them into formal CIAM policies, 2) interpret complex activity sequences and provide easy to understand narratives in a natural language (e.g.: English), and 3) reduce false positives in risk score to smoothen the customer and investigator/analyst experience.

Okta’s take: What this means for CIAM

As discussed, the decision to build your own CIAM solution vs buying a pre-built CIAM solution can be daunting and the tipping point to move from an in-house solution to a pre-built one is different for every organisation. However, you can start with the following considerations: 

  • Maintenance and development costs,
  • Ease of integration with your current and planned technology stack,
  • Scalability of the solution as you expand to new markets and geos, 
  • Ability to customise the user experience with ease and improve onboarding experience.

Looking for more? Take a deeper dive in our on demand webinar with Forrester, featuring Andras Cser here

For documents with privacy/legal concepts or privacy/security advice:

These materials and any recommendations within are not legal, privacy, security, compliance, or business advice. These materials are intended for general informational purposes only and may not reflect the most current security, privacy, and legal developments nor all relevant issues. You are responsible for obtaining legal, security, privacy, compliance, or business advice from your own lawyer or other professional advisor and should not rely on the recommendations herein. Okta is not liable to you for any loss or damages that may result from your implementation of any recommendations in these materials. Okta makes no representations, warranties, or other assurances regarding the content of these materials.  Information regarding Okta's contractual assurances to its customers can be found at