How to Choose the Right CIAM for Your Integration Architecture


In the last three articles in this series on CIAM, I have covered various open source and commercial frameworks, and explained the architecture as well as the pros and cons of these frameworks. This last article in the series will help enterprise architects to prepare a digital migration architecture to choose the right CIAM solution suitable for the target architecture.

This article will cover some important CIAM frameworks. Let’s begin.

Microsoft Active Directory (AD) B2C
When you are integrating a CIAM solution for your enterprise architecture, and you wish to prepare a solution that has serverless architecture without depending on users for resource handling and deployment based model change, then Microsoft AD B2C is the right choice.

Microsoft’s Active Directory (AD) is a B2C based CIAM solution, which is based on serverless architecture (e.g., Azure Logic functions or AWS Lambda). It can be designed to integrate with the on-premises Active Directory through online/offline synchronisation using AD Connect. It is a multi-tenant solution that has integrated architecture suitable for both SaaS and PaaS based architecture adoption.


  • Serverless architecture
  • Synchronises with on-premise AD data store (AD Connect)
  • Integrated cloud solution and flexible for hybrid cloud integration/adoption
  • Flexibility in cloud adoption and SDK support for cloud migration
  • Multi-tenant solution for cloud native architecture


  • High licence and support cost
Figure 1: Sample architecture of implementing CIAM using Microsoft AD B2C
Figure 2: Architecture of the UnboundID framework

If you are preparing a CIAM solution that has centralised data governance with a preference based user dashboard and real-time report on access metrics, then choose UnboundID as the framework to integrate your architecture.
UnboundID is a unique CIAM solution. It has a centralised data store integrated with LDAP SDK and proxy management architecture. It provides a preference management facility in a dashboard, federated single sign-on and high performance LDAP directory synchronisation. PingIdentity bought UnboundID in 2016 with the mission to provide a large scale CIAM solution for cloud and mobile based integration with a unified architecture.


  • Preference management facility in dashboard
  • Centralised data governance
  • Real-time report of metrics (usage statistics)
  • Data transmission across instances
  • Security of data management
  • Multi-tenant solution combined with LDAP integration
  • Unified architecture combining the facilities of PingIdentity
  • API integration for real-time metrics
  • Support for centralised data governance using the Identity data store and data sync services


  • No SaaS offering

LoginRadius is a cloud based SaaS solution for CIAM, and is popularly known as the data integration platform. It provides a detailed audit tracking facility, and can be integrated with marketing tools widely used for CRM solutions. It uses traditional e-mail based registration and social profiles to collect customer data, and uses the data for data analytics and audit tracking.
LoginRadius is currently in demand for enterprise integration.


  • Analytics data available for audit tracking


  • Doesn’t support many social IDp/Open IDp
  • Does not provide tight platform security
Figure 3: Features provided by the LoginRadius framework
Figure 4: SalesForceID integrated solution

SalesForceID is an integral component of the SalesForce integrated solution. It provides a REST based API solution for integrated API management of a CIAM solution. It also provides a provisioning solution for SalesForce sandbox integration, and supports intranet (DMZ) and public based integration.
SalesForceID provides an integrated solution for CRM based applications. Its pros and cons are listed below.


  • Free or discounted support to integrate with SalesForce CRM
  • API support
  • Customisation in reporting


  • Doesn’t support hybrid architecture

I have covered various CIAM solutions suitable for digital enterprise integration. An enterprise architect can choose the best fit CIAM solution for his/her integrated solution based on the following key factors:
1. Does the solution require cloud based integration (e.g., SaaS integration)?
2. Does the solution require a hybrid architecture (e.g., on-premise to cloud integration)?
3. Does the solution require audit trailing and logging support?
4. Does the solution expect API integration for integrated architecture?
5. Does the integration require SSO support for multi-component integration?
6. Do we expect entitlement management and role based access support with CIAM integration?
7. Does the solution expect ERP integration?
8. Do we expect social identity integration as part of CIAM integration?
Based on the above factors, one can choose the CIAM solution best suited for one’s target enterprise digital architecture. The intention of this series of articles is not to recommend any CIAM product or rank the product features, but to help an architect decide how to choose the right CIAM solution for his/her target architecture integration.

Note: The views expressed in this article are the author’s. Wipro does not subscribe to the substance or veracity of these views.


Please enter your comment!
Please enter your name here