Customer identity and access management (CIAM)

Build and customize a CIAM solution that scales securely to millions of users

What is customer identity and access management on AWS?

Every organization across every industry is moving towards transforming how they do business with their customers. Customer identity and access management (CIAM) on AWS help provide differentiated customer experiences, including frictionless sign-up and sign-in, advanced security features, and federation with open identity standards. AWS gives you the capabilities to manage your customer's personalized experiences across web and mobile applications.

Managing Customer Identity at Scale: Strategies and Lessons from NHS Login (24:11)


Get started quickly with scalable, developer-centric services

Use Amazon Cognito to create a secure and resilient user directory that scales to millions of users and is fully managed for faster set up without standing up server infrastructure. AWS offers a built-in user interface and configuration for federating identity providers. You can add user sign-up, sign-in and access control to your customers-facing applications in minutes.

Reduce friction with social and federated login

App users can sign in through social identity providers such as Google, Facebook, and Amazon, and through federated identity providers via SAML, without having to create and remember additional passwords. Rely on standards-based customer identity solutions and identity and access management standards, such as OAuth 2.0, SAML 2.0, and OpenID Connect.


Implement secure and compliant authentication

Enable multi-factor authentication (MFA) for your customers, encrypt data at rest and in transit, and protect against web vulnerabilities with native integrations. AWS Identity Services helps you meet multiple security and compliance requirements, including those for highly regulated organizations such as healthcare companies and merchants.  

Fine-grained authorization for the applications you build

Use Amazon Verified Permissions to create application-wide policies from templates, enforce access controls within the applications you develop, grant user permissions to access data and resources within custom applications, and centralize policy administration from one place. The fine-grained authorization you define within applications is completed in milliseconds, providing real-time evaluation decisions.  

Overview on CIAM

What is Customer IAM (CIAM)?

Learn more about the fundamentals of customer identity and access management and how it compares to workforce identity solutions, core capabilities, and more.

Learn more >>


CIAM for your app in one hour

Watch this session to learn how to manage identity for your customer-facing applications and give users a frictionless sign-up and sign-in experience.  

Watch now >>


Migrating to Amazon Cognito

In this session, learn about options and best practices, as well as lessons learned from Fandango’s migration to Amazon Cognito.

Watch now >>

Customer identity and access management capabilities on AWS

You can scale up authentication and authorization for your applications to millions of users, apply frictionless self-registration and adaptive  authentication, and enforce fine-grained access on application resources. AWS supports industry standard protocols, such as Security Assertion Markup Language (SAML), OpenID Connect (OIDC), and OAuth 2.0 identity providers. With AWS, you can connect and integrate with other AWS services, integrate with development tools, and add security and monitoring that help you protect your applications and customers.

Flexible authentication capabilities for applications at scale

Build sign-up and sign-in with a hosted UI, add MFA to the web and mobile applications you build, and control application access to server-side resources. Give your customers flexibility in authentication through social or a federated identity provider and apply fine-grained access controls to identities and resources.  

Support for multi-tenant cloud-based applications

You can use a variety of multi-tenancy options that provide different policy and tenant isolation for your business. You can choose to reuse application integrations, access and password policies, or enforce complete tenant isolation.

Advanced security to protect your customers and applications

Create secure, frictionless experiences with risk-based adaptive authentication, identify compromised credentials for customers, and monitor user events like account takeover risks. Block bots and malicious actors based on Amazon threat intelligence, lists of known threat actors, and attack request patterns.  

Fine-grained access for your customer-facing applications

Gain secure, role-based or attribute-based access to AWS services, such as Amazon Simple Storage Service (Amazon S3), Amazon DynamoDB, and AWS Lambda. You can grant your users and applications limited access to AWS services through temporary credentials. You can centralize fine-grained authorization for the applications you build with policy stores and define an authorization model that fits your application needs.   

Identity services and solutions for your customer applications

Amazon Cognito Secure, frictionless customer identity and access management that scales
Amazon Verified Permissions Fine-grained permissions and authorization for the applications you build
Cedar A language for defining permissions as policies, which describe who should have access to what.