10 Years of Customer Identity and Access Management

10 Years of Customer Identity and Access Management

This is a true story. Names have not been altered. This is how Customer Identity and Access Management started (CIAM).

It all started on a rainy d… in the winter of 2006. We had just won a project from the tax administration to develop an identity management system for them. We were together with CGI on this [note: back then they were called WM-data that was later on acquired by CGI]. Together we sat down with the customer and started to finalize the first requirement specifications of a system that won the national information society award in 2006 and the European Identity Award in 2011 [note: Finnish content]. In 2006 the version 1.0 of the most advanced Customer Identity, Access and Authorization Management system was born.

From a Project to a CIAM Product

The project for the tax administration was called KATSO. The first version was released in 2006. But it was just that – the first version. I was crafting the requirement specifications and designing functions and features together with the customer and our dev team until the day I moved to Italy in 2008. It soon became apparent that the project we were delivering had potential to be turned into a product, which we did in 2007 when we delivered the first eIDM product to Tekes, a research and development funding agency.

Nobody talked about Customer Identity and Access Management in 2007. Neither did we, but we delivered a project and a product that are quintessential CIAM we talk about today. Back then our bread and butter came from authentication, SSO and federation solutions we had developed since 2002 when the company was founded. With the eIDM, later on named Customer ID and now part of Ubisecure Identity Platform, our focus shifted to what we today call CIAM.

The “Heureka” Moment

The problem for the tax administration was the same that plenty of companies face today. They wanted to automate and move their services online to better serve their corporate customers and reduce cost. Each month and year-end companies need to file tax reports. If the tax administration would be able to automate this process, the cost savings could be calculated in hundreds of millions in a 10 year span. And it has.

Tax administration needed a way to properly authenticate, but more importantly authorize a correct person who was submitting the report. They have over 300 000 organizations with a VAT number as their customers. The authentication part was easy – they had been using our authentication and Single Sign-On solution already for 4 years. The problem was authorization. And the bigger problem was, how to manage authorizations of over 300 000 organizations and their employees. The only answer was to outsource the authorization management to the customer organizations.

This conclusion led to one of the most advanced and successful CIAM implementations to date. The tax administration can delegate (appoint) the authorization management capabilities to their customer organization. This allowed the tax admininistration to completely outsource the authorization management to the organization that knows who should be allowed to do what. But the buck wouldn’t stop there. Quite a few organizations have e.g. accounting agencies that they employ. The system also allowed the admin user of the customer to authorize an employee of an accounting agency to represent them in the tax admininistration online services, in different roles if needed.


Today practically all organizations that have a valid VAT number use this system to report taxes. Because the system was built using a role based approach and features were kept generic enough, it soon became apparent that the KATSO system is highly attractive to other government agencies as well. Today there are over 100 different e-government services connected to this system.

I was enjoying the benefits of it just two weeks ago – I needed to renew my passport and went to have my passport photo taken. Photoshops can upload passport photos to the government system immediately (authenticated and authorized properly using our system), and I got a unique reference string as a text message. Using this reference, I attached my photo to the online renewal request and the passport was delivered to the post office near me after 5 days for pickup. Naturally this requires that my biometric data has been recorded previously (as it was). This is somewhat easier compared to the horror stories I heard from a couple of nice Irish gentlemen a month ago.

Similarly, we have seen that more and more companies gain huge benefits from CIAM. Another one of our customers needed to move to the digital age. They require quite large amounts of raw material for their products (forest industry group) – wood. They have over 100 000 member-owners, who own plots of land. Our customer created the worlds’ first online forest asset management solution through which their member-owners can manage (caretaking, inventory, planning, tax reporting), evaluate and sell their assets (forest). This wouldn’t have been possible without CIAM. Forest is a valuable asset and you need strong authentication for both during registration and use of the service, but in many cases plots of land have multiple owners (inheritance, family lands, co-ops etc). Our system allowed our customer to create an online solution where the owners could appoint a caretaker, ask for quotes for services, approve transactions such as selling of an asset and more.

Customer IAM – we’ve been doing this already for a decade. The solutions our customers have deployed have won awards and are tried and tested in the field of fire. Our customers have created world firsts, reached strategic goals and generated huge cost savings through our CIAM. We know what we’re doing.

What are you waiting? Contact us now and we will help you leapfrog your competition in no time.

No Comments

Post A Comment