Gigya is now SAP Customer Data Cloud. Learn more
Forrester logo Download the report

8 Terms Every Business Should Know When Developing a Customer Identity Management Strategy

Advances in marketing technology and databases have fundamentally changed how businesses learn about consumers and maintain relationships with their customers. The more brands are able to understand about their customers on a granular level, the more effective they are at marketing to said customers. This granular level of understanding is achieved by accessing and leveraging the valuable data housed within a user’s online identity.

Customer identity data is the foundation for modern marketing. When users register or log in on websites and applications, using either traditional registration or social authentication, they self-identify, giving businesses permission-based access to rich, first-party data. This data, in turn, provides IT and marketing professionals with the groundwork they need to learn about users across devices and touchpoints, produce more relevant marketing messaging, and attain better marketing results.

Having the ability to manage customer identities and build complete user profiles is crucial to data-driven marketing, and organizations must have an understanding of certain technical terms in order to develop a successful customer identity management strategy. Let’s dive into some of those terms.


Authentication is the process of ensuring and confirming an end user’s identity. Commonly enforced with a username and password, authentication answers the question, “Who are you?” Social Login, or the use of any third-party identity provider such as Facebook, Amazon, or PayPal, is an alternative and faster method of identity confirmation.


Dynamic Schema Database

A dynamic schema database not only allows data to be stored without the need for a predefined structure, but also enforces data storage rules when a schema has been defined. Dynamic schema databases can seamlessly process massive amounts of structured and unstructured user data in an optimized way. For example, in addition to housing relational data points with only one corresponding entry such as first name, zip code, and birth year, dynamic schema databases can also normalize and store unstructured social identity data such as likes, interests, and occupations.



Federation allows users to use an identity from one site to seamlessly access sites that belong to a partnering company or organization. Federation creates a smooth experience across web properties with disparate databases, reduces barrier to entry, and prevents the need for re-authentication. For instance, a user may need to order new checks from his or her bank. Federation allows the user to access the bank’s website, as well as the check-ordering system, without the need for separate login credentials. Federation also eases the adoption of SaaS services through SSO (Single Sign-On).


OAuth is the authorization protocol that allows a third-party website or application to access a user’s data without the user needing to share login credentials. OAuth is different from OpenID and SAML in being exclusively for authorization purposes and not for authentication purposes. An example of OAuth being applied would involve a website or mobile application accessing “likes” from Facebook (the user grants permission to allow this to happen). OAuth enables users to share their data stored on one site with another site under a secure authorization scheme.


OpenID is an authentication protocol that allows a user to log in once and access multiple, disparate websites. OpenID is sponsored by Facebook, Microsoft, Google, PayPal, Symantec, and Yahoo, and is often used in conjunction with OAuth.

SAML (Security Assertion Markup Language)

SAML is a security standard that verifies a user’s identity and determines authorization by connecting the end-user with identity providers and service providers. After authenticating with the identity provider, the user has access to multiple applications and/or sites due to a previously defined trust relationship. SAML requires the service provider and identity provider to be configured and introduced first.

Single Sign-On (SSO)

Single Sign-On is an authentication process that allows a user to access multiple sites/applications with one set of login credentials. SSO can take a few forms:

  • As a single identity that can be used as an individual login on different sites. For example, Facebook can be used as a login mechanism on different sites, but logging into one site does not mean it is recognized on any other site.
  • As a single identity that can be recognized across related sites. The identity can be used within the same session across different sites (i.e., different branded sites within one corporate group). For example, a user that logs in with Facebook on one site will automatically be recognized as he or she navigates to other sites within the site group.

Two-Factor Authentication

Two-Factor Authentication is a security mechanism that requires a user to authenticate with two types of credentials. It ensures the validity of a user’s identity and minimizes account phishing by adding an additional authentication step during the login process. For example, a user can be sent a verification code via SMS during the login process.


These are just a few of the terms brands should be aware of when evaluating customer identity management platforms and establishing an identity management strategy. To learn more about how customer identity management can benefit your business, request a demo here.

– Reeyaz Hamirani, Corporate Communications Manager

By Reeyaz Hamirani

Gigya has updated its Privacy Policy as Gigya, Inc. has been acquired by SAP America, Inc. and Gigya has updated the information regarding how we collect and use your Personal Data. You can see the updated Privacy Policy here.