What’s OIDC and why should you use it for CIAM?

If you want to streamline and simplify your customer experience - and let’s be honest, who doesn’t - then you need to be using OpenID Connect (OIDC) for your customer identity access management (CIAM).

It’s rare that we, or really any solutions provider, can agree on one standard, but we all pretty much agree that OIDC is the best technology for offering your customers the easiest login options.

What is OpenID Connect (OIDC)?

OIDC is a standard federation protocol for authenticating users within CIAM. Basically, it’s a way of identifying a user without having them create login credentials unique to your system. Instead, you connect to another identity management system and let it do the authenticating for you.

This is super convenient for the customer. And it’s safer for everyone, because the protocol exchanges coded bits of information via a secure server, called an identity provider, behind the scenes so that the sites don’t need to share sensitive authentication credentials.

Your CIAM implementation may already be using older federated protocols like OAuth (aka Open Authorization) and SAML (aka Security Assertion Markup Language), but those protocols are very limited in the use cases they can support. OIDC goes a step further, adding a layer of identity on top and making it convenient to authenticate a user.

This is why OIDC (which originated about 8 years ago) has quickly become the de facto standard for modern CIAM implementations. Put simply, OIDC offers a better customer experience and better security.

How OpenID Connect (OIDC) works

OIDC is built on OAuth 2.0. The coded bits exchanged via the protocol are known as JSON Web Tokens (JWTs). (SAML, for comparison, uses XML assertions.)

Where OIDC outperforms OAuth 2.0 is how it uses the JWTs. Under the more basic OAuth 2.0 protocol, a token is shared between servers, and as long as the token fits, access is granted. OIDC adds a layer of identity on top of OAuth 2.0, allowing it to authenticate users while providing non-repudiation around the user data contained within. This second step greatly increases login security.

Imagine if vending machines only confirmed that the currency inserted was the correct size and material. That’s kind of like OAuth 2.0. With OIDC, the system also reads the bill to confirm the denomination.

If you’re thinking about adding social login options to your site (and there are good reasons to do so), most of them also use OIDC. By choosing an OIDC-based CIAM provider, you lighten the lift of sign-on with Facebook, Google, Amazon, etc.

Everything just flows.

What makes OIDC so great?

The great thing about OIDC is that it lets you harmonize the user experience across devices. Imagine a customer who filled up a shopping cart on their phone and later wanted to complete the transaction on their tablet. OIDC makes that possible – even effortless.

Better still, with OIDC-based authentication, your brand can access user information and auto-populate the shipping address and other fields based on what’s listed with the social login provider or other service.

And that kind of reduced friction almost always means higher revenue.

Integrating OIDC with CIAM

User experience and security are key components to ensuring the success of any online venture. And your CIAM serves as the connection point between sales, user experience and security.

OIDC is definitely the new-ish but clearly more awesome kid on the block when it comes to federation standards. So, if you’re building a new site or app, it’s a no-brainer to use OIDC within your CIAM.

What’s cool about OIDC is that it not only makes your customer experience infinitely simpler, it also lets you create personalized omnichannel experiences. Best of all, OIDC is straightforward to implement.

Wanna see how we do it?

Get in touch with us today to learn how OIDC protocols can enhance your customer sign-in journeys and eliminate some of those pesky keys they’ve been lugging around.