Skip to main content

AWS Identity

Why CIAM?

Every organization across every industry is moving towards transforming how they do business with their customers. Customer identity and access management (CIAM) on AWS help provide differentiated customer experiences, including frictionless sign-up and sign-in, advanced security features, and federation with open identity standards. AWS gives you the capabilities to manage your customer's personalized experiences across web and mobile applications.

Benefits

Use Amazon Cognito to create a secure and resilient user directory that scales to millions of users and is fully managed for faster set up without standing up server infrastructure. AWS offers a built-in user interface and configuration for federating identity providers. You can add user sign-up, sign-in and access control to your customers-facing applications in minutes.

App users can sign in through social identity providers such as Google, Facebook, and Amazon, and through federated identity providers via SAML, without having to create and remember additional passwords. Rely on standards-based customer identity solutions and identity and access management standards, such as OAuth 2.0, SAML 2.0, and OpenID Connect.

Enable multi-factor authentication (MFA) for your customers, encrypt data at rest and in transit, and protect against web vulnerabilities with native integrations. AWS Identity Services helps you meet multiple security and compliance requirements, including those for highly regulated organizations such as healthcare companies and merchants.

Use Amazon Verified Permissions to create application-wide policies from templates, enforce access controls within the applications you develop, grant user permissions to access data and resources within custom applications, and centralize policy administration from one place. The fine-grained authorization you define within applications is completed in milliseconds, providing real-time evaluation decisions.

Customer identity and access management capabilities on AWS

You can scale up authentication and authorization for your applications to millions of users, apply frictionless self-registration and adaptive  authentication, and enforce fine-grained access on application resources. AWS supports industry standard protocols, such as Security Assertion Markup Language (SAML), OpenID Connect (OIDC), and OAuth 2.0 identity providers. With AWS, you can connect and integrate with other AWS services, integrate with development tools, and add security and monitoring that help you protect your applications and customers.

Build sign-up and sign-in with a hosted UI, add MFA to the web and mobile applications you build, and control application access to server-side resources. Give your customers flexibility in authentication through social or a federated identity provider and apply fine-grained access controls to identities and resources.

You can use a variety of multi-tenancy options that provide different policy and tenant isolation for your business. You can choose to reuse application integrations, access and password policies, or enforce complete tenant isolation.

Create secure, frictionless experiences with risk-based adaptive authentication, identify compromised credentials for customers, and monitor user events like account takeover risks. Block bots and malicious actors based on Amazon threat intelligence, lists of known threat actors, and attack request patterns.

Gain secure, role-based or attribute-based access to AWS services, such as Amazon Simple Storage Service (Amazon S3), Amazon DynamoDB, and AWS Lambda. You can grant your users and applications limited access to AWS services through temporary credentials. You can centralize fine-grained authorization for the applications you build with policy stores and define an authorization model that fits your application needs.