Website personalization: Personalizing experiences without third-party cookies

For most of human history, most people lived in tight-knit communities where every interaction was inherently personalized.

As city-states emerged and populations grew, personalized experiences remained the norm, and it’s only relatively recently that impersonal or anonymous exchanges became common. But because of our hardwired affinity for familiarity, we appreciate when a barista knows our name and order, a clothing retailer knows our size and style preferences, or a friend recommends a movie based on what we’ve both enjoyed.

It’s no surprise that, in the digital world, brands try to emulate such individualized service. Over the years, personalization has matured from simple field insertions (e.g., name and title in an email) to AI-driven predictive algorithms attempting to anticipate your needs and wants (e.g., a recommendation engine based on your inferred interests and motivations).

Today, personalization is everywhere, and it’s getting smarter. Research suggests 92% of companies are using AI-driven personalization to help their businesses grow. But AI recommendations and predictive models rely on accurate and plentiful data as input — and much of that data is about to disappear, as browser support for third-party cookies comes to an end.

Fortunately, crumbling cookies don’t mean that the age of personalization is ending (even if 75% of marketers report that they still rely “heavily” on them). In fact, tomorrow’s personalization — whether via a website, a chat utility, an email campaign, or something else entirely — will be more accurate, relevant, and beneficial for users and brands.

We’ll illustrate how marketers can use Customer Identity and Access Management (CIAM) to keep the “person” in “personalization,” even as third-party cookies disappear, users exert greater control over their privacy, and organizations struggle to link siloed datasets.

What is website personalization?

At its most literal and aspirational, website personalization is the process of delivering a website experience tailored to every user — known (identified) and unknown (anonymous). This dynamic, one-to-one experience is a significant departure from the static and simplistic one-to-many model that often characterizes an organization’s initial forays into building a web presence.

When thinking about website personalization, it’s important to recognize a website is a small part of a larger whole, and personalization exists in degrees.

Website personalization is just one part of a bigger picture

According to Salesforce, 80% of consumers say that a company’s experience is as important as its product or services, and just over 70% prefer different channels depending on context. Crucially, a user’s overall experience results from interactions across every channel. For obvious reasons, websites are vital to most online organizations, and optimizing the user experience is a major element of communication, marketing, sales, and customer support strategies.

However, fixating on “website personalization” can cause marketers to overlook other channels — email communications, push notifications, social media interactions, chat utilities, and more — that contribute to a user’s overall experience and should bear weight within the broader personalization strategy. Moreover, the same thinking extends to support channels and self-service flows (e.g., password resets or multifactor enrolment).

Personalization exists on a maturity spectrum

Personalization extends over a full spectrum, with organizations maturing their personalization capabilities over time.





      Everyone                            Cohort/Persona                          Individual


       None                                 Basic/Superficial                             Hyper


As mentioned earlier, one end of this spectrum is the simple one-to-many approach in which every user encounters the same experience. While this approach works in some situations, like when conveying information that applies to every possible user, its use is diminishing over time.

In the middle of the spectrum, personalization is limited to superficial enhancements like field insertion (e.g., including a name and recent purchase in an email) and targeting based on simple rules-based segmentation.

This middle ground is where many consumer-oriented businesses end their journeys, because it’s relatively easy to reach with today’s tools, and it typically delivers results (e.g., improved conversions, higher loyalty, etc.). Plus, it can be intimidating or challenging to move further.

Hyper-personalization — delivering one-to-one experiences tailored to each user’s preferences, behavior, and predictions informed by these factors — is the idealized extreme and is found at the intersection of:

  • Information the user wants you to know and has consented to share
  • Insights and predictions surfaced through deep analysis — performed increasingly by AI — of aggregated user data

Only the most mature and advanced organizations, including household names like Amazon, Starbucks, and Spotify — are here today. There’s quite a bit to unpack in those two bullets. We’ll do so shortly, but first, let’s quickly address why personalization matters.

Why does website personalization matter?

The fifth edition of Salesforce’s State of the Connected Customer report revealed that 73% of consumers expect companies to understand their unique needs and expectations (up from 66% in 2020).

And there’s ample evidence to indicate that doing so is worthwhile. In fact, a McKinsey study reveals that 78% of respondents are more likely to make repeat purchases from companies that personalize.

In fact, we could write entire posts and documents about why personalization matters, but the jist is: Better experiences keep users coming back, and personalization creates better experiences.

But now it’s time to address an unavoidable reality: The foundation of personalization is shifting beneath marketers’ feet.

Website personalization will get harder, then better

Website personalization is going to become more difficult to implement at first, but will eventually become easier. Hyper-personalization and intermediate personalization targeting groups of users require information about:

  • Each user, to help focus messages and content
  • Users in aggregate, to lead to behavioral insights

And information accuracy is essential; otherwise insights and personalization may miss the mark — undermining the very purpose of the personalization initiative.

Hyper-personalization depends on AI, and AI depends on accurate data

Deloitte’s Connecting with meaning - Hyper-personalizing the customer experience using data, analytics, and AI explains, “AI allows organizations to sift through vast amounts of information in real time and make decisions on the types of interactions to have with customers.”

(AI’s importance to hyper-personalization is underscored by the fact that the report references AI no fewer than 25 times.)

However, the impending phase-out of third-party cookies means much of the information AI engines need and upon which marketers have long relied will disappear.

In tandem, regulatory restrictions about how data can be collected and used and consumer awareness about privacy are also reshaping the relationship between brands and users. Consumers clearly have an appetite for personalization.  Still, they’re more conscious that they’re participating in value exchange, surrendering personal information in return for something worthwhile — a better experience, a membership perk, a discount, and so on.

So, how can marketers create personalized experiences in the privacy-conscious world? By using customer consent to collect:

  • Zero-party data (ZPD) customers willingly share with you, such as fields on a sign-up form, their shipping details, or an email survey they completed. This often includes personal data that can be attributed to a single person and is protected by data privacy regulations in many jurisdictions.
  • First-party data (FPD) customers generate as they interact with your site, including search history, analytics information, session metadata, and more. Many types of FPD require consent to acquire and use. Unlike ZPD, some kinds of FPD can be anonymous (e.g. web analytics) and, in certain cases, later de-anonymized.

While third-party sources can be noisy and often contain incorrect or outdated information that will lead AI engines astray, ZPD and FPD are more likely to be timely and accurate — especially when your users recognize the value of consenting to share such data. And getting users to recognize that value starts with the experience. Offer a compelling reason and make it easy for customers to consent, identify, engage, and re-engage. For instance, asking for too much information upfront or forcing a would-be customer to enter a password to re-engage can lead to them abandoning the interaction.

It’s better to reduce friction by collecting only necessary information during relevant moments to  identify users initially and continue getting to know them over time — no matter what channel they’re using to interact with your brand. For instance, it could start with collecting a verified phone number or email address (more on this later).

As you enrich your user profiles over time, you’ll be able to move further along the personalization spectrum into truly individualized experiences. And the key to gathering accurate user information (and, for some use cases, putting it to work) is CIAM.

Using CIAM to power personalized experiences

CIAM is often oversimplified as the technology that powers your login box (or protects your APIs) and controls what users are allowed to do (i.e., what resources they are allowed to access) after they authenticate with your system. However, CIAM is, at its core, customer data, plus the tooling to protect, respect, and connect that data, making it essential for delivering personalized experiences in a privacy-conscious and cookieless world.

Let’s look at some examples.

Moving users from unknown to known to converted

While sharing how Albertsons served up a seamless omnichannel shopping experience for over 30 million customers, Ramiya Iyer, GVP of IT digital, data and pharmacy, observed, “The more we can identify our customers, the better personal experience we can offer.”

Through registration and login flows, CIAM helps usher users from anonymous to known — creating the data record that makes truly personalized experiences possible — and from known to converted.

In general, the easier it is for a user to identify (i.e., the lower the friction of the registration and sign-in process), and the more contextualized and relevant the experience, the higher your conversion rate. In fact, nearly 60% of consumers say they’re more likely to spend money when services offer a simple, secure, and frictionless login process.

To ensure a convenient experience across all of a brand’s digital touchpoints, modern CIAM solutions empower users to identify themselves in various ways, including:

  • An email address or phone number that can be verified as legitimate through authentication events
  • A passkey that replaces passwords by enabling users to authenticate the same way they unlock their mobile devices (e.g., Face ID, fingerprint scan, PIN) 
  • Social login, a one-click sign-up (e.g., “Sign in with Google”) option using their existing social accounts, which has the added benefit of profile enrichment with existing social profile attributes (e.g., date of birth, etc.)

For instance, a retailer could ask an unknown customer for their email to get a discount code or for shipping confirmation. By doing so, the retailer gains information that helps identify the customer or build out their profile — and if the customer consented to personalization, this identifier can also tie anonymous activity in the analytics system to the known user.

Using progressive profiling to enrich customer profiles without adding friction

Okta’s Customer Identity Trends Report revealed that long sign-up forms are a major source of frustration for users. Even if they don’t result in abandonment, long forms can still result in users entering junk data — with either result negatively impacting customer experience, conversions, and data quality.

In fact, junk data is a significant and insidious threat to AI-based hyper-personalization, as it will lead to messages and experiences that miss the mark. Meanwhile, detecting and removing it (even with automation) is a huge undertaking.

Modern CIAM solutions can ingest data from various sources and, as mentioned above, offer the flexibility to tailor sign-up and sign-in flows. These solutions can, for instance, trigger progressive profiling, an approach to data collection in which you gradually build up a picture of your customer.

For example, a returning user on a home furnishing site can be prompted: “Tell us a bit more about your living space and aesthetic so we can serve up items that best fit your style and space." Do you live in an apartment or a house? Do you lean more towards mid-century modern, or boho chic?” This incremental, benefit-oriented approach builds trust and is less likely to frustrate your users to the point where they enter garbage into your form fields.

Building trust to earn user consent

Under modern privacy guidelines, you can’t personalize without getting user consent to gather and use their data. Having a centralized place to store this consent — along with general user preferences — is therefore essential for efficiently delivering personalized experiences per regulations and privacy law.

However, the shift in how personalized experiences are delivered should entail more than finding new ways to gather and correlate the necessary data. Instead, it should involve placing trust and transparency at the heart of your relationships with customers.

  • Publish a clear and straightforward opt-in notice. Customers should understand which data they’ve agreed to share and for which purposes.
  • Offer users the ability to manage the data they’ve consented to share. If they’ve decided they want greater privacy, they can remove information. If their email address has changed, they can update it. And if they’d like to share more details about their current needs and preferences, they can.

CIAM makes such activities straightforward. Through integration with a consent management tool, CIAM simplifies acquiring and managing user consent. Beyond integrations, modern CIAM solutions can be tailored to address specific business requirements by supporting customization of the sign-up and login experience (e.g., the ability to add custom text, URLs, form elements, etc). Additionally, all the customer data a CIAM solution stores can be pushed to customers to manage via self-serve — their identities, data, and preferences.

Enabling other business systems

In immature organizations, CIAM tools operate alone. But CIAM shows its true potential when working in an integrated way with other systems — across the MarTech stack —  to orchestrate personalized customer journeys. Modern CIAM solutions provide a means to collect up-to-date FPD, ZPD, and omni-channel data and integrate this data with other systems for strategic and tactical decisions and experiences.

By unifying identification (i.e., sign-up and login), authentication, and authorization across channels, CIAM provides meaningful assurance that a user is a person rather than a bot while also helping combat the issue of data fragmentation — which degrades data quality and analytics and leads to compliance missteps.

Through integration with third-party tools and services, CIAM solutions can enable:

  • Profile enrichment in a CDP or CRM system to ensure profiles and records contain accurate and relevant data
  • Unification across data silos, including by tying anonymous user actions in web analytics to converted (identified users)
  • Campaign optimization, for instance, by automatically adding customers to a campaign based on context or login frequency while providing assurance that the email and phone number are legitimate
  • Personalized recommendations within an e-commerce platform to facilitate secure and streamlined checkouts
  • Optimized in-store experiences, including traditional (i.e., person-to-person) customer service, self-service support kiosks, and other point-of-sale enhancements

Essentially, a modern CIAM platform orchestrates, enriches, and connects the data to and  from these systems (or any third-party system related to your customers) across tech stacks, greatly enhancing where and how your organization delivers personalized experiences.

CIAM is key to personalization

Customers will remain anonymous if they have no compelling reason to identify. Give them a reason via convenient and contextualized experiences that match where they are in their journey.  

Catering to customers' needs requires understanding them through data, and the foundation of this is knowing who the customer is as a person. Hyper-personalization’s effectiveness hinges on access to accurate, complete, and consented data.  Without it, your personalization efforts may be missing the mark or out of compliance, and polluted analytics may be stunting your ability to rectify the issue. 

With a CIAM solution to help you register and authenticate users, gather consent, enrich user profiles, and activate omnichannel insights across the MarTech stack, you can deliver the best experience for each user — even without third-party cookies.

For more information on how CIAM enables an accurate and compliant, forward, 360-degree view of customers, especially when working in tandem with CDPs, check out this blog.

These materials and any recommendations within are not legal, privacy, security, compliance, or business advice. These materials are intended for general informational purposes only and may not reflect the most current security, privacy, and legal developments nor all relevant issues. You are responsible for obtaining legal, security, privacy, compliance, or business advice from your own lawyer or other professional advisor and should not rely on the recommendations herein. Okta is not liable to you for any loss or damages that may result from your implementation of any recommendations in these materials. Okta makes no representations, warranties, or other assurances regarding the content of these materials.  Information regarding Okta's contractual assurances to its customers can be found at