Customer identity and access management (CIAM)
Build and customize a CIAM solution that scales securely to millions of users
Why CIAM?
Benefits
Scalable, developer-centric services
Use Amazon Cognito to create a secure and resilient user directory that scales to millions of users and is fully managed for faster setup without standing up server infrastructure. AWS offers a built-in user interface and configuration for federating identity providers. You can add user sign-up, sign-in, and access control to your customer-facing applications in minutes.
Reduce friction with social and federated login
App users can sign in through social identity providers such as Google, Facebook, and Amazon, and through federated identity providers via SAML, without having to create and remember additional passwords. Rely on standards-based customer identity solutions and identity and access management standards, such as OAuth 2.0, SAML 2.0, and OpenID Connect.
Implement secure and compliant authentication
Enable multi-factor authentication (MFA) for your customers, encrypt data at rest and in transit, and protect against web vulnerabilities with native integrations. AWS Identity Services helps you meet multiple security and compliance requirements, including those for highly regulated organizations such as healthcare companies and merchants.
Fine-grained authorization
Use Amazon Verified Permissions to create application-wide policies from templates, enforce access controls within the applications you develop, grant user permissions to access data and resources within custom applications, and centralize policy administration from one place. The fine-grained authorization you define within applications is completed in milliseconds, providing real-time evaluation decisions.
Customer identity and access management capabilities on AWS
You can scale up authentication and authorization for your applications to millions of users, apply frictionless self-registration and adaptive authentication, and enforce fine-grained access on application resources. AWS supports industry standard protocols, such as Security Assertion Markup Language (SAML), OpenID Connect (OIDC), and OAuth 2.0 identity providers. With AWS, you can connect and integrate with other AWS services, integrate with development tools, and add security and monitoring that help you protect your applications and customers.
Flexible authentication capabilities
Build sign-up and sign-in with a hosted UI, add MFA to the web and mobile applications you build, and control application access to server-side resources. Give your customers flexibility in authentication through a social or federated identity provider and apply fine-grained access controls to identities and resources.
Multi-tenancy options
You can use a variety of multi-tenancy options that provide different policy and tenant isolation for your business. You can choose to reuse application integrations, access and password policies, or enforce complete tenant isolation.
Advanced security
Create secure, frictionless experiences with risk-based adaptive authentication, identify compromised credentials for customers, and monitor user events like account takeover risks. Block bots and malicious actors based on Amazon threat intelligence, lists of known threat actors, and attack request patterns.
Fine-grained access
Gain secure, role-based or attribute-based access to AWS services, such as Amazon Simple Storage Service (Amazon S3), Amazon DynamoDB, and AWS Lambda. You can grant your users and applications limited access to AWS services through temporary credentials. You can centralize fine-grained authorization for the applications you build with policy stores and define an authorization model that fits your application needs.