CIAM (Customer Identity & Access Management) is where IAM meets real product constraints: conversion rates, support costs, fraud, privacy regulation, and at-scale reliability.
This page is vendor-agnostic by design: the concepts apply whether you use a homegrown stack or a CIAM platform.
Principle: earn data
Ask for a piece of data only when:
- you can explain to the user why it is needed
- the user gets a clear benefit in return
Patterns
- Ask only what is required at registration
- Collect optional attributes later (preferences, demographics)
- Use just-in-time consent (especially for sensitive categories)
Governance
- Data minimization
- Attribute lifecycle: who can read/write, retention, and deletion
Checklist
- Define a canonical user profile schema
- Separate marketing attributes from identity assurance attributes
- Track consent by purpose
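As an added example that is not part of this page or any particular CIAM product: a small Python model of the governance checklist above, with a canonical schema that tags each attribute as identity-assurance or marketing, consent tracked per purpose and enforced at both collection and read time, and retention-driven deletion. Attribute names, purposes, retention periods and the fixed clock are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed clock for the example

@dataclass(frozen=True)
class AttributeSpec:
    category: str            # "identity_assurance" or "marketing"
    required_at_signup: bool  # only these are asked for at registration
    purposes: frozenset      # purposes this attribute may serve
    retention: timedelta     # maximum time to keep a value after collection

# Canonical profile schema (constructed example; names and periods are assumptions).
SCHEMA = {
    "email": AttributeSpec("identity_assurance", True, frozenset({"account"}), timedelta(days=3650)),
    "phone": AttributeSpec("identity_assurance", False, frozenset({"mfa"}), timedelta(days=3650)),
    "birth_year": AttributeSpec("marketing", False, frozenset({"personalization"}), timedelta(days=365)),
}

@dataclass
class Profile:
    attributes: dict = field(default_factory=dict)  # name -> (value, collected_at)
    consents: dict = field(default_factory=dict)    # purpose -> True (granted) / False (withdrawn)

def has_consent(profile, spec, purpose):
    return spec.required_at_signup or (purpose in spec.purposes and bool(profile.consents.get(purpose)))  # required-at-signup data needs no separate consent

def collect(profile, name, value, now, purpose=None):
    """Store an attribute only if it is in the schema and consent covers the purpose it serves."""
    spec = SCHEMA.get(name)
    if spec is None:
        raise ValueError(f"{name!r} is not in the canonical schema")
    if not has_consent(profile, spec, purpose):
        raise PermissionError(f"no consent to collect {name!r} for purpose {purpose!r}")
    profile.attributes[name] = (value, now)

def read(profile, name, purpose, now):
    """Return a value only for a permitted purpose, with live consent, inside retention."""
    spec, stored = SCHEMA[name], profile.attributes.get(name)
    if stored is None or purpose not in spec.purposes or not has_consent(profile, spec, purpose):
        return None
    return stored[0] if now - stored[1] <= spec.retention else None

def purge(profile, now):
    """Delete values past retention or whose every purpose lost consent; return what remains."""
    for name, (_, collected_at) in list(profile.attributes.items()):
        spec = SCHEMA[name]
        alive = any(has_consent(profile, spec, p) for p in spec.purposes)
        if now - collected_at > spec.retention or not alive:
            del profile.attributes[name]
    return sorted(profile.attributes)
```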
