IDaaS CIAM (Customer Identity and Access Management) is the identity foundation for enterprises serving external customers. It consolidates fragmented identity systems and gives every application a single, consistent way to handle authentication, registration, and account security through APIs and SDKs.
Key takeaways
CIAM is built for external users at scale — from thousands to hundreds of millions — with pricing based on Monthly Active Users (MAU), so you pay only for active engagement, not total registered accounts.
The right moment to adopt CIAM is when launching new customer-facing products, when poor registration flows are costing you users, or when identity complexity is slowing time to market.
IDaaS CIAM's core differentiators are deep identity consolidation (deduplication, zombie account cleanup, user synchronization), progressive profiling, and risk-based authentication — not just basic features like social login or one-time passwords.
Why CIAM
Elastic scaling
IDaaS CIAM handles user bases ranging from thousands to hundreds of millions. It scales up and down automatically without over-provisioning resources.
MAU-based pricing
Billing is based on Monthly Active Users (MAU) — the number of users who actually interact with your service in a given month. If your system holds large amounts of inactive data or your service sees infrequent usage, MAU pricing keeps costs fair and reasonable.
Always current
Customers on the public cloud receive vulnerability patches and new features automatically, without migration or upgrade work. Security compliance requirements are addressed as soon as they emerge.
When to adopt CIAM
CIAM unifies customer identities across all external touchpoints, gives end users complete self-service control, and delivers a consistent registration and login experience regardless of platform. The right moment to start is one of the following.
Launching new customer-facing apps
When releasing a new mobile app, mini program, or H5 site, identity requirements become visible to teams across the organization at the same time. Starting with CIAM from day one breaks identity silos before they form, rather than inheriting them later.
Reducing registration drop-off
Poor registration flows directly erode conversion. Common problems include:
No account recovery path — no password reset, no alternative authentication method, no social login option.
Excessive upfront data collection — according to a Forrester report, 11% of new users abandon critical actions (payments, orders) because registration is too complex. In China, we estimate this figure to be close to 20%.
One-time password (OTP) delivery failures — verification codes that expire before delivery, or carrier congestion blocking SMS entirely.
Peak traffic failures — in retail, travel, and healthcare, unavailability at the most critical moments causes lasting damage to user trust.
Accelerating time to market
Building identity infrastructure from scratch — getting authentication, scalability, and security right — consistently exceeds estimates and budgets. IDaaS CIAM integrates with your apps and other business systems so product teams can focus on core features, with identity, registration, and login fully operational from day one.
Core capabilities
IDaaS CIAM integrates with applications and services on any platform. Connect via API or SDK, and use CIAM's universal login page and user self-service portal to save development time.
Its mission is to help enterprises deliver a unified, seamless brand experience for customers.
Basic features — social login, password reset, OTP delivery, API access — are table stakes. The capabilities below are where CIAM creates the most differentiated value.
Identity consolidation
Fragmented user experience, inconsistent marketing data, and chaotic internal records often trace back to accumulated identity silos. IDaaS CIAM provides a complete set of tools to consolidate identities and keep the customer identity system clean, accurate, and trustworthy.
Account deduplication (account merging)
When identity silos already exist across multiple systems, merging records carries the risk of unintended data changes. IDaaS presents users with a list of suspected duplicate accounts and lets them confirm which records to merge — making the process safe and user-driven.
Zombie account cleanup
Long-lived systems accumulate fake and inactive zombie accounts that occupy unique resources (usernames, phone numbers) and skew customer analytics. IDaaS provides tools to identify and clean up zombie accounts, removing the historical burden that makes accurate user data impossible.
User synchronization
Large enterprises often have a "fragmented" identity landscape, with each customer touchpoint managing its own user records. IDaaS gradually consolidates active, verified account data through user synchronization and lazy loading as users use the system, laying the groundwork for decommissioning legacy systems without a disruptive cutover.
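One way to picture lazy loading during login, as an added example that is not IDaaS code: a user is imported into the unified store only after a successful verification against the legacy record, so accounts that never log in are left behind. The store layouts, the legacy hash format, and the function names are assumptions, and the accounts are constructed.

```python
import hashlib
import hmac
import os

# Constructed legacy store: unsalted SHA-256 hex digests (an assumed legacy format).
LEGACY = {
    "alice": hashlib.sha256(b"correct horse").hexdigest(),
    "zombie": hashlib.sha256(b"never used").hexdigest(),
}
UNIFIED = {}  # unified store: user -> (salt, PBKDF2-HMAC-SHA256 hash)


def _pbkdf2(password, salt):
    """Salted, slow hash used for records in the unified store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def login(user, password):
    """Return 'unified', 'migrated', or None when the login is rejected."""
    record = UNIFIED.get(user)
    if record is not None:
        # Already consolidated: the legacy store is no longer consulted.
        salt, stored = record
        ok = hmac.compare_digest(stored, _pbkdf2(password, salt))
        return "unified" if ok else None

    legacy_hash = LEGACY.get(user)
    if legacy_hash is None:
        return None
    candidate = hashlib.sha256(password.encode()).hexdigest()
    if not hmac.compare_digest(candidate, legacy_hash):
        return None  # failed verification: nothing is imported

    # Verified and active: import the account and upgrade the hash.
    salt = os.urandom(16)
    UNIFIED[user] = (salt, _pbkdf2(password, salt))
    return "migrated"
```
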
User self-service
As user volume grows, effective self-service reduces the operational cost of human intervention. Self-service covers the full account lifecycle: password reset, account lockout, OTP verification, identity verification, multi-factor authentication (MFA), social login management, credential changes, account deletion, and activity log access.
Progressive profiling
Collect only what you need, when you need it:
Identity information at login
Shipping address and preferences at checkout
Payment information at the point of purchase
Identity verification when accessing advanced features
Asking for everything upfront triggers abandonment. Progressive profiling builds a complete user profile incrementally, at natural moments in the user journey — without friction at the start.
Performance and availability
A CIAM product that meets functional requirements but fails under real traffic conditions is destructive to marketing campaigns and customer trust. For most vendors, handling functional correctness is straightforward; handling performance at scale is structural and non-obvious. IDaaS CIAM is built with the experience and architecture to handle large data volumes and rapidly shifting traffic, sustaining availability when it matters most.
Account security
When account compromise causes financial loss, users blame the service provider. IDaaS provides multi-factor authentication (MFA) based on dynamic environmental signals, combined with risk policies covering accounts, passwords, and IP addresses. When anomalous activity is detected, IDaaS triggers step-up authentication to verify the user is legitimate — reducing the risk of loss after account theft.
IDaaS CIAM exclusive capabilities
Advanced security features - user behavior analysis
IDaaS's risk control component makes identity risk visible and actionable. The system builds a behavioral model for each customer using core parameters including IP address, login location, commonly used devices, and access time periods. Policies are tailored to and applied per individual, allowing diverse customer usage habits to coexist in the system without conflict. When an authentication request deviates from the established pattern, the anomaly is surfaced to the calling application, which can then trigger account lockout, brute force protection, or step-up authentication as appropriate.
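The per-user baseline idea described above, as an added example that is not IDaaS code or its API: each user is scored only against their own history, and the calling application decides what to do with the reported deviations. The function names, the signal reduction (/24 prefix, 6-hour bands), and the decision thresholds are assumptions, and the login history is constructed.

```python
from collections import Counter, defaultdict

# Constructed login history: (user, ip, city, device_id, hour_of_day).
HISTORY = [
    ("alice", "203.0.113.10", "Hangzhou", "dev-a1", 9),
    ("alice", "203.0.113.10", "Hangzhou", "dev-a1", 10),
    ("alice", "203.0.113.11", "Hangzhou", "dev-a2", 20),
    ("alice", "203.0.113.10", "Hangzhou", "dev-a1", 9),
    ("bob", "198.51.100.7", "Singapore", "dev-b1", 2),
    ("bob", "198.51.100.7", "Singapore", "dev-b1", 3),
    ("bob", "198.51.100.9", "Singapore", "dev-b1", 1),
]
SIGNALS = ("ip_prefix", "city", "device", "time_band")


def features(ip, city, device, hour):
    """Reduce a login to the four signals the page lists."""
    prefix = ".".join(ip.split(".")[:3])  # /24 of an IPv4 address
    return {"ip_prefix": prefix, "city": city, "device": device,
            "time_band": hour // 6}       # four 6-hour bands per day


def build_baselines(history):
    """One profile per user: how often each signal value has been seen."""
    profiles = defaultdict(lambda: {s: Counter() for s in SIGNALS})
    for user, *login in history:
        for signal, value in features(*login).items():
            profiles[user][signal][value] += 1
    return profiles


def deviations(profiles, user, ip, city, device, hour):
    """Signals of this attempt never seen for this user (all four if no baseline)."""
    profile = profiles.get(user)
    if profile is None:
        return list(SIGNALS)
    seen = features(ip, city, device, hour)
    return [s for s in SIGNALS if profile[s][seen[s]] == 0]


def app_decision(deviating):
    """Calling application's policy (assumed): 0 allow, 1-2 step-up, 3+ lock."""
    if not deviating:
        return "allow"
    return "step_up" if len(deviating) <= 2 else "lock"
```

A 02:00 login is normal for the constructed user `bob` and a deviation for `alice`, which is the point of keeping one baseline per individual rather than one global rule.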
Advanced management features - consent management and terms management
In enterprise systems, consent and terms records are typically scattered across independent systems — making it nearly impossible to determine exactly which version of which terms a customer accepted, and when. IDaaS provides a unified mechanism for managing and synchronizing consent records and terms across all touchpoints, eliminating consent silos.
CIAM also ensures that customers who use our services to manage identities face no compliance issues under the Personal Information Protection Law (PIPL), the Data Security Law (DSL), and other regulations, both now and as requirements evolve.
Summary
Alibaba Cloud IDaaS provides CIAM identity solutions for Chinese enterprises and customer-facing foreign companies. Built around real user experience, IDaaS helps enterprises create a secure, high-performance, scalable, and unified customer identity system, establishing a durable relationship between the enterprise and its customers and accelerating digital transformation.
Across platforms, IDaaS delivers consistent, frictionless experiences that meet Chinese users' expectations for mature product capabilities, helping enterprises earn customer trust in a fiercely competitive market.