CIAM.wiki
Market map

The CIAM Market Map.

The customer-identity landscape for two buyers. The identity and security buyer navigates the upper lanes: prove, authenticate, authorize, consent, and protect. The marketing buyer navigates the activation lanes: CRM, CDP, marketing automation, messaging, and analytics. CIAM and consent are the bridge: the trusted source of identity and permission that the marketing stack activates.

Independent and vendor-neutral. Inclusion is editorial, never paid. For help shortlisting a platform, use the matcher.

Standards bodies

FIDO Alliance

standard
Type:
Industry consortium
Key standards:
FIDO2, WebAuthn, passkeys
Region:
Global

Industry consortium behind the standards for phishing-resistant, passwordless authentication.

For CIAM: Passkeys and WebAuthn are the phishing-resistant direction for CIAM authentication.

Official source →

IETF

standard
Type:
Standards organization
Key standards:
OAuth 2.x, JWT, SD-JWT
Region:
Global

The Internet Engineering Task Force, which standardizes core internet and security protocols.

For CIAM: Home of OAuth 2.x, JWT, and SD-JWT, the token standards underpinning modern CIAM and verifiable credentials.

Official source →

Kantara Initiative

standard
Type:
Non-profit
Key standards:
Identity assurance, UMA, consent receipts
Region:
Global

A non-profit developing identity assurance, consent, and trust frameworks.

For CIAM: Defines identity-assurance certification, UMA, and consent-receipt specifications relevant to CIAM and privacy.

Official source →

NIST

standard
Type:
US government agency
Key standards:
SP 800-63 Digital Identity Guidelines
Region:
US (global influence)

The US National Institute of Standards and Technology, which publishes the Digital Identity Guidelines.

For CIAM: SP 800-63 defines the identity assurance, authentication, and federation levels many CIAM programs are measured against.

Official source →

OASIS

standard
Type:
Standards consortium
Key standards:
SAML 2.0, XACML
Region:
Global

A standards consortium that maintains SAML and XACML.

For CIAM: SAML 2.0 remains a core enterprise SSO protocol; XACML shaped attribute-based authorization.

Official source →

OpenID Foundation

standard
Type:
Non-profit standards body
Key standards:
OpenID Connect, FAPI, OID4VC/OID4VP
Region:
Global

Non-profit body that develops and stewards the OpenID Connect family of identity standards and related profiles.

For CIAM: OIDC is the default protocol for modern CIAM login; OID4VC and OID4VP underpin verifiable-credential issuance and presentation.

Official source →

W3C

standard
Type:
Standards organization
Key standards:
Verifiable Credentials, DIDs
Region:
Global

Web standards body that maintains the Verifiable Credentials data model and Decentralized Identifier (DID) specifications.

For CIAM: Defines the credential and identifier models behind decentralized identity and digital wallets.

Official source →

Regulatory frameworks

48 frameworks on the compliance page →

The regulations and standards that set CIAM's requirements for authentication, consent, and data rights. See all 48 on the compliance page.

Identity proofing

Alloy

Identity decisioning & orchestration

An identity decisioning layer that orchestrates many verification and fraud data sources behind one policy engine.

AU10TIX

Identity verification & document authentication

An AI-powered identity-verification platform automating ID document authentication, biometric checks, and fraud detection for high-volume onboarding.

CLEAR

Reusable biometric identity network

A member-based biometric identity network for physical access, extended to CLEAR1 (formerly CLEAR Verified) for reusable online identity verification.

Daon

Biometric identity verification & authentication

An enterprise identity platform unifying biometric onboarding, proofing, and ongoing authentication across channels.

ID.me

Reusable identity network

A consumer-held digital identity wallet: verify once to NIST IAL2, then reuse that credential across government and commercial relying parties.

Incode

AI identity verification & biometric authentication

An AI-native identity platform that verifies and authenticates people through facial biometrics, liveness, and document checks across the lifecycle.

iProov

Face biometric verification & liveness

Cloud facial-biometric verification with patented liveness that confirms a remote user is the right person, a real person, and present in real time.

Jumio

Document + biometric verification

A long-established identity verification and KYC provider with packaged document plus biometric checks.

Login.gov

Government identity service

The US government's shared sign-in and identity-proofing service: one secure account for the public to access participating federal agencies.

Mitek Systems

Identity verification & fraud defense

A long-public identity verification vendor pairing mobile image capture with document, biometric, and AI fraud-defense checks.

Onfido (Entrust)

Document + biometric verification

Document and biometric verification, now part of Entrust's identity-centric security portfolio.

Persona

Identity verification infrastructure

Configurable, building-block identity verification: a visual workflow builder rather than a fixed KYC product.

Plaid Identity Verification

Identity verification & KYC/AML

A no-code-to-API identity verification and KYC/AML product combining document authentication, liveness, and data checks, built into Plaid's bank-data network.

Prove

Phone-centric identity verification & authentication

Uses mobile-network and phone-number signals to passively verify identity and device possession for onboarding, authentication, and fraud prevention.

Regula

Document authentication & forensic verification

Forensic-grade document authentication backed by one of the largest proprietary document template databases and its own scanning hardware.

Signicat

European digital identity hub

A European identity hub combining identity proofing, national e-IDs, authentication, and electronic signatures behind one integration.

Socure

Predictive analytics identity verification

Predictive, data-and-ML identity verification optimized for the US market and synthetic-fraud detection.

Stripe Identity

Identity verification (document + selfie)

Stripe's embedded identity-proofing product verifying users with a government ID and a live selfie, built on the fraud infrastructure behind Stripe payments.

Sumsub

Full-cycle KYC/AML verification

A full-cycle verification platform spanning onboarding KYC, ongoing AML monitoring, and fraud.

Telesign

Phone-number intelligence & verification

Phone-number intelligence and programmable verification, using global mobile and behavioral signals to score identity risk continuously.

Trulioo

Global identity & business verification

Global person and business verification through a single integration across many data sources.

Veriff

AI identity verification

AI-first document and biometric verification, built for high-volume global onboarding.

Yoti

Reusable digital ID & age assurance

A UK digital-identity provider pairing a free reusable consumer ID app with business identity verification and AI facial age estimation.

Authentication technologies

Corbado

Passkey infrastructure & intelligence

A passkey intelligence layer on top of existing IdPs and CIAM.

Hanko

Open-source passkey authentication

Open-source, passkey-first authentication and user management.

HYPR

Passwordless MFA & identity assurance

Phishing-resistant passwordless MFA with identity verification and risk.

Nok Nok Labs

FIDO passwordless authentication

FIDO co-inventor providing standards-based passwordless authentication.

Passage (1Password)

Passkey-first authentication

Developer-first passkey authentication, now part of 1Password.

Yubico

Hardware security keys (FIDO)

The YubiKey: hardware-based, phishing-resistant FIDO authentication.

Authorization & policy

Amazon Cedar

Open-source authorization policy language

AWS's open-source policy language for fine-grained authorization, powering Amazon Verified Permissions.

Authress

Authorization & access-control API

A cloud authorization and access-control API for application developers.

AuthZed (SpiceDB)

ReBAC authorization (Zanzibar)

The company behind SpiceDB, an open-source Zanzibar-inspired ReBAC database, with a managed cloud.

Cerbos

Stateless authorization (PDP)

A stateless, self-hostable policy decision point for application authorization.

OpenFGA

Open-source fine-grained authorization (ReBAC)

CNCF open-source relationship-based authorization in the Google Zanzibar style, originated at Auth0.

Oso

Authorization as a service

Authorization for application developers, from an open library to the managed Oso Cloud.

Permit.io

Full-stack authorization platform

Full-stack authorization layering a management UI and APIs over standard policy engines.

Topaz (Aserto)

Open-source authorization (RBAC/ABAC/ReBAC)

Open-source authorizer pairing OPA policy with a Zanzibar-style relationship store, plus a commercial control plane.

CIAM platforms

35 platforms in the directory →

The platforms that bundle authentication, sessions, and a user store. Browse all 35 with full profiles in the vendor directory.

Identity orchestration

IndyKite

Identity knowledge graph

Identity-powered data platform that unifies identity and business data in a knowledge graph.

Radiant Logic

Identity data fabric

Identity data unification and virtualization across fragmented sources (RadiantOne).

Strata Identity

Identity orchestration (multi-cloud)

Vendor-neutral identity orchestration that decouples apps from identity providers.

Consent & privacy

Didomi

Consent & preference management

Consent and preference management with a customer-preference focus.

Ketch

Data permissioning & consent

Programmatic data permissioning and consent for privacy and AI-ready data.

OneTrust

Privacy, consent & governance platform

The category giant: consent, privacy operations, and data governance in one platform.

Securiti (Veeam)

Data privacy, security & governance

A unified data command center spanning privacy, security, and AI governance.

Transcend

Privacy & data-rights automation

Privacy infrastructure that automates data subject rights and consent at the data layer.

Usercentrics

Consent management platform (CMP)

A leading consent management platform for web and app, including Cookiebot.

Customer data & identity resolution

Adobe Experience Platform

Enterprise CDP / experience platform

Adobe's real-time CDP and data foundation for the Experience Cloud.

Amperity

Identity-resolution-first CDP

AI identity resolution at the core of a customer data platform.

Hightouch

Composable / warehouse-native CDP

Composable CDP that activates the data warehouse without copying data.

LiveRamp

Identity resolution & data collaboration

Public identity-resolution and data-connectivity platform (RampID).

mParticle (Rokt)

Customer data platform

Real-time CDP orchestrating the customer-data stack, now part of Rokt.

RudderStack

Warehouse-native / open-source CDP

Developer-first, warehouse-native CDP that pipes consented event data to tools.

Salesforce Data Cloud (Data 360)

Enterprise CDP

Salesforce's enterprise CDP that unifies and resolves customer profiles for activation.

Segment (Twilio)

Customer data platform

Market-leading CDP for collecting and routing customer data, part of Twilio.

Tealium

Customer data platform & tag management

CDP and tag management with real-time data collection and identity stitching.

Fraud prevention

Arkose Labs

Bot & account-abuse defense

Bot and account-abuse defense combining risk scoring with adaptive challenges.

Feedzai

AI financial crime & fraud prevention

AI-native financial crime platform for fraud and AML at bank scale.

Sardine

Fraud & compliance platform

Fraud, AML, and compliance in one platform for fintech and high-risk flows.

SEON

Fraud prevention & AML

Digital-footprint and device fraud prevention with AML compliance.

AI risk engines

BioCatch

Behavioral biometrics risk

Behavioral biometrics that score how a user types and moves to detect fraud.

Darwinium

Edge-based AI fraud & risk decisioning

Edge-deployed continuous risk decisioning from the ThreatMetrix founders.

Featurespace (Visa)

Adaptive behavioral risk engine

Real-time adaptive behavioral risk scoring (ARIC), now part of Visa.

Sift

Digital trust & safety (ML risk)

Machine-learning risk scoring across the customer journey for fraud and abuse.

Non-human & agentic identity

Aembit

Workload identity & access management

Secretless workload identity: a policy-driven access layer for service-to-service auth.

Astrix Security

Non-human & AI agent identity security

Discovery and governance of non-human identities and AI agents across SaaS and cloud.

CrowdStrike

Identity security & agentic identity (security platform)

Endpoint and identity security platform extending into non-human and AI-agent identity.

Entro Security (SailPoint)

NHI & secrets lifecycle management

Non-human identity and secrets lifecycle management, now part of SailPoint.

Oasis Security

Non-human identity management

Enterprise non-human identity management across cloud and AI environments.

SPIFFE / SPIRE

Open-source workload identity standard

The CNCF open standard and reference implementation for issuing identity to workloads.

Token Security

Machine-first NHI & agentic AI security

A machine-first, AI-native platform for securing non-human identities and AI agents.

Identity wallet ecosystems

Apple Wallet

wallet
Sponsor:
Apple
Region:
Global
Status:
Live; mDL/state IDs in select US states

Apple's consumer wallet, increasingly holding verifiable IDs and mobile driver's licenses in select regions.

For CIAM: A major consumer credential holder for presenting government IDs at verification time.

Official source →

DigiLocker (India)

wallet
Sponsor:
Government of India (MeitY)
Region:
India
Status:
Live

India's government credential wallet, linked to the Aadhaar identity system.

For CIAM: Holds government-issued credentials Indian services can request and verify, tied to Aadhaar.

Official source →

EU Digital Identity Wallet (EUDI)

wallet
Sponsor:
European Commission
Region:
EU
Status:
Mandated by end 2026
Standards:
ARF, OID4VP, SD-JWT, mDL

The European Digital Identity Wallet each EU member state must offer citizens and residents under eIDAS 2.0.

For CIAM: Buyers serving EU users will increasingly accept EUDI wallet credentials at onboarding and login.

Official source →

Google Wallet

wallet
Sponsor:
Google
Region:
Global
Status:
Live; digital IDs/mDLs in select regions

Google's consumer wallet, adding digital ID and credential support across Android.

For CIAM: A major consumer credential holder for mobile identity presentation.

Official source →

GOV.UK One Login

wallet
Sponsor:
UK Government (GDS)
Region:
UK
Status:
Rolling out

The UK government's single sign-on and digital identity service.

For CIAM: The UK's emerging public digital identity that private services may integrate with over time.

Official source →

Singpass

wallet
Sponsor:
GovTech Singapore
Region:
Singapore / APAC
Status:
Live

Singapore's national digital identity and authentication service.

For CIAM: A national identity that services serving Singapore can accept for high-assurance verification and login.

Official source →

Verifiable credentials & decentralized ID

MATTR

Verifiable credentials infrastructure

Standards-based verifiable credential issuance, holding, and verification APIs.

Procivis

e-ID & verifiable credentials (government)

Swiss e-ID and verifiable-credential infrastructure, backed by Orell Füssli.

SpruceID

Open-source digital credentialing

Open-source, standards-based credentialing including mobile driver's licenses.

Truvera (Dock Labs)

Reusable digital identity (verifiable credentials)

Verifiable-credential infrastructure for reusable digital identity (formerly Dock Certs).

walt.id

Open-source identity & wallet infrastructure

Open-source decentralized identity and wallet infrastructure for developers.

Service partners

Anthropic Identity

IAM implementation & managed services

IAM services firm focused on Okta and Auth0 implementation, advisory, and managed services.

BeyondID

Managed identity services (Okta)

Managed identity-services provider and a top-tier Okta partner.

Deloitte

IAM & CIAM advisory and implementation

A global professional-services firm that designs, implements, and runs IAM and CIAM programs, with a human-centered CIAM practice and reusable accelerators.

Identity Fusion

IAM consulting & managed services

Boutique IAM consultancy delivering digital-identity implementation and managed services.

IDMWORKS

IAM services & consulting

Independent IAM integrator that deploys, manages, and modernizes identity programs.

Optiv

Cybersecurity solutions & IAM services

Broad cybersecurity solutions integrator with a substantial identity services practice.

Simeio

Managed IAM services & orchestration

Large single-source IAM managed-services provider with an orchestration platform.

TechDemocracy

Identity security & managed services

Identity-security services spanning advisory, implementation, and managed services.

CRM

HubSpot

CRM & marketing platform

All-in-one CRM and marketing platform for mid-market; consumes consented contact data.

Microsoft Dynamics 365

CRM & business applications

Microsoft's CRM/ERP suite; pairs naturally with Entra identity and consented profile data.

Salesforce

CRM platform

The dominant CRM; consumes CIAM identity and consent to unify the customer record.

Marketing automation

ActiveCampaign

Marketing automation & email (SMB/mid-market)

Marketing automation, email, and light CRM for SMB and mid-market.

Adobe Marketo Engage

B2B marketing automation

Enterprise B2B marketing automation; activates consented identity and profile data.

Oracle Eloqua

B2B marketing automation

Long-established enterprise B2B marketing automation within Oracle's marketing cloud.

Salesforce Account Engagement (Pardot)

B2B marketing automation

Salesforce's B2B marketing automation (formerly Pardot), native to the CRM.

Email & messaging

Braze

Cross-channel customer messaging

Real-time cross-channel messaging; activates consented profile and event data.

Intuit Mailchimp

Email marketing (SMB)

SMB-friendly email marketing, now part of Intuit's small-business suite.

Iterable

Cross-channel marketing engagement

Cross-channel marketing automation built on unified, consented customer data.

Klaviyo

Email & SMS marketing (ecommerce)

Ecommerce-focused email and SMS marketing on a built-in customer data store.

Analytics

Adobe Analytics

Enterprise digital analytics

Enterprise digital analytics within Adobe's experience stack.

Amplitude

Product & digital analytics

Digital analytics platform unifying behavior on resolved user identity.

Google Analytics 4

Web & product analytics

The default web/app analytics; consent state governs what it may collect.

Mixpanel

Product analytics

Event-based product analytics keyed on user identity.

Customer engagement

Insider

AI customer engagement platform

AI-driven cross-channel engagement on a built-in customer data layer.

Salesforce Marketing Cloud

Enterprise marketing & engagement

Enterprise marketing and engagement suite on the Salesforce platform.

Twilio Segment Engage

CDP-powered engagement

Engagement built directly on the Segment CDP's unified, consented profiles.

Open dataset (CC BY 4.0): CSV JSON