CIAM (Customer Identity & Access Management) is where IAM meets real product constraints: conversion rates, support costs, fraud, privacy regulation, and at-scale reliability.
This page is vendor-agnostic by design: the concepts apply whether you use a homegrown stack or a CIAM platform.
The problem
In CIAM, the identity system is rarely the only profile store. You usually have:
- CIAM directory
- application database(s)
- CRM / marketing platforms
- analytics pipelines
Architecture options
CIAM as source of truth
- Centralized profile
- Downstream sync via events
App DB as source of truth
- CIAM used primarily for auth
- Profile stays in product DB
Event-driven sync
- Emit user profile change events
- Consumers update their own projections
Checklist
- Define system-of-record per attribute
- Prevent update loops
- Handle deletes and merges correctly
- Audit and monitor sync failures