Which one is right for your organization?
Is your organization ready to develop and operate a consumer / client identity and access management system? If so, I envy you.
SaaS or PaaS CIAM services have many advantages that can't be ignored. Many companies and organizations aren't ready to take on the challenge of managing an authentication system and maintaining its security and uptime requirements. Operating and hosting this service yourself, with sufficient backup and failover, will be more expensive in the long term than most generic SaaS / PaaS solutions today.
Many SaaS or PaaS CIAM solutions have achieved both the economy of scale and the community adoption to offer flexible consumption-based pricing, with an ecosystem of integrator partners and off-the-shelf configurations for most leading business applications. This assures your identity team can set up your portal without worrying about later configuration as new applications are onboarded.
A leading SaaS CIAM solution can also offer an element of business continuity assurance over hosting your own, ensuring that clients of your datacenter or cloud infrastructure are still able to log in or access the portal if there is ever downtime, while other SaaS applications can easily route them to your backup without breaking authentication.
So when should you host your own?
You should always consider a service unless you have the in-house expertise and your company's client database (IDP) is so large that it is too cumbersome and must leverage cloud-native scalability and controls. Examples of companies in this category are SaaS providers that themselves serve a large consumer community, or companies that have a loyalty program and need to maintain open authentication but still need step-up verification, e.g. when redeeming financial rewards.
- You are in a regulated industry such as financial services, insurance, or healthcare, serve many regions or countries, and need to maintain different data sovereignty constraints and regional regulatory controls.
- You are a country or state and need to manage a citizen-ready digital identity service. Your data is priceless or has national or military consequences.
- You have unique or varied client workflows or authentication journeys. Many SaaS providers are unlikely to offer numerous options for your client login experience and prefer to provide an option A or B. Examples of this type would be different domains and login pages based on incoming attributes like IP range or referring domain.
- You need to support two-person authentication for consent or access to files. Examples of this type are proxy financial access, like a trading platform, or access to medical applications or files for minors or protected individuals.
- You need to offer a self-service solution that allows enrollment of multiple MFA technologies or multiple rival or non-standard providers.
- You need to accommodate hybrid on-premises / cloud identity with failover into different cloud services.