CIAM.wiki

Customer data unification and identity resolution

A customer rarely arrives as one clean record. They register on the web, buy in an app, call support, and appear again in a marketing list, often with small differences in each. Customer data unification is the work of resolving those scattered records into a single identity. Both the customer experience and the security decisions made by adaptive authentication depend on it: fragmented data leads to a worse journey and worse risk decisions.

Identity resolution

Deciding which accounts across several directories represent the same person goes by several names: account unification, identity resolution, entity resolution, match-merge. It is harder than it sounds, especially where users were never formally proofed and records carry typos and partial data. Migrating onto a new platform usually forces this work, and one CIAM-specific detail matters: whether existing password hashes can be migrated so customers are not all forced to reset. See identity orchestration and migration for the migration mechanics.

CIAM directory vs CDP, MDM, and CRM

A common confusion is whether the CIAM user directory replaces a customer data platform or master data system. It does not, and neither of them replaces the directory. They overlap on basic profile data but serve different jobs:

  • The CIAM directory authenticates and authorizes in real time. It is tuned for low latency and constant availability, and it holds credential and authentication state that has no place in a marketing system.
  • A CDP, MDM, or CRM unifies the customer for segmentation, analytics, and marketing, tuned for different volumes and queries.

Plan for bidirectional synchronization between them rather than choosing one. It is common to run many integrations between the CIAM directory and marketing systems, and every one of them must be privacy- and consent-aware: an updated email should only flow to a campaign tool if you hold consent for that use.

The governance layer

Because this is where identity data meets marketing data, it is also where privacy law bites hardest. Carry the attribute together with its provenance and the consent attached to it. See consent and privacy and consent-aware activation, and the marketing case in CIAM for marketing buyers.
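
The consent-aware synchronization and provenance-carrying described above can be sketched as an outbound filter; this is an added example, not code from any CIAM product. The destination names, purposes, attribute allow-lists, and sample profile are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Attribute:
    name: str
    value: str
    source: str             # provenance: system that supplied the value
    collected_at: datetime  # provenance: when it was captured

@dataclass(frozen=True)
class Consent:
    purpose: str
    granted_at: datetime
    withdrawn_at: Optional[datetime] = None

    def active(self, now: datetime) -> bool:
        return self.granted_at <= now and (self.withdrawn_at is None or now < self.withdrawn_at)

# Hypothetical policy: the purpose each downstream system processes data for,
# and the allow-list of attributes it may ever receive.
DESTINATIONS = {
    "campaign_tool": {"purpose": "marketing_email", "attributes": {"email", "first_name"}},
    "support_crm": {"purpose": "support_contact", "attributes": {"email", "phone"}},
}

def outbound_payload(profile, consents, destination, now):
    """Attributes that may flow to `destination` at `now`, each tagged with provenance and consent."""
    policy = DESTINATIONS.get(destination)
    if policy is None:
        return {}  # unknown destination: fail closed
    consent = next((c for c in consents if c.purpose == policy["purpose"] and c.active(now)), None)
    if consent is None:
        return {}  # no active consent for this purpose: nothing flows
    return {
        a.name: {"value": a.value, "source": a.source,
                 "collected_at": a.collected_at.isoformat(),
                 "consent_purpose": consent.purpose,
                 "consent_granted_at": consent.granted_at.isoformat()}
        for a in profile if a.name in policy["attributes"]
    }

# Constructed sample data.
T0 = datetime(2024, 1, 10, tzinfo=timezone.utc)
WITHDRAWN = datetime(2024, 3, 1, tzinfo=timezone.utc)
PROFILE = [
    Attribute("email", "ana@example.com", "ciam_directory", T0),
    Attribute("phone", "+15550100", "support_call", T0),
    Attribute("password_hash", "<placeholder>", "ciam_directory", T0),
]
CONSENTS = [Consent("support_contact", T0), Consent("marketing_email", T0, withdrawn_at=WITHDRAWN)]
```

Credential state such as the password hash never leaves the directory because no destination allow-lists it, and the campaign tool stops receiving the email once the marketing consent is withdrawn.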

What to ask a CIAM vendor

  • What tools does the platform provide for identity resolution and deduplication during migration?
  • Can existing password hashes be imported so customers are not forced to reset?
  • How does the directory synchronize bidirectionally with a CDP, MDM, or CRM?
  • Are those integrations consent-aware, so an attribute only flows where there is a lawful basis?
  • Are attribute provenance and consent state carried alongside the data?

When the same customer spans several brands in a portfolio, resolving them carefully without crossing consent boundaries is also the hard part of multi-brand CIAM.

The buyer takeaway: the CIAM directory is the real-time system of record for identity, not a replacement for your marketing data stack, and the integration between them is where most of the value and most of the privacy risk sit. Map your data flows first, then run the vendor matcher.