
The Importance of Custom Domains in CIAM/IAM System Migration and Selection: A Look at cidaas
When integrating a modern Customer Identity and Access Management (CIAM) or Identity and Access Management (IAM) system, such as cidaas, the choice of domain plays a crucial role. This is especially true during the migration from existing systems or the initial setup of an instance, where careful consideration of the domain strategy is essential. In this post, we will explore why a custom domain is important and what factors should be taken into account when selecting and migrating a domain.
Standard Domain vs. Custom Domain
When an instance is created in cidaas, a domain like customername-prod.cidaas.eu is assigned by default. This domain is used for all web applications and APIs, including login pages, registration, and password recovery. However, this standard domain can create trust issues for users, particularly if they are accustomed to using a domain like customername.de. Users expect that all security-related pages and services will be accessible under a familiar domain.
To address this and build user trust, it is advisable to use a custom domain, such as account.customername.de, login.customername.de, or auth.customername.de. This tailored domain not only enhances brand recognition but also provides a more secure and user-friendly experience.
Impact on the User Experience
In addition to brand recognition, the choice of domain is also important from a technical perspective. Browsers store session cookies (mandatory for SSO) per domain, and tools such as password managers save login credentials per domain. When the domain is familiar, users can manage their passwords more securely and with greater ease.
On the other hand, a domain that does not match the user’s expectations can cause confusion and undermine confidence in the system's security. If an unfamiliar or insecure domain appears, users might suspect they are on a phishing site.
Migration and Handling the Domain
Another key aspect of domain selection is the migration from an existing system to cidaas. In many cases, it is beneficial to retain the domain of the old system in order to make the transition as seamless as possible for users. The advantage of this approach is that password managers will continue to autofill credentials in the new system, meaning users will not have to make any adjustments.
However, a domain change can lead to problems. Users who have stored their login credentials in their password managers but don’t know their passwords might have to reset them, as the password manager will no longer have credentials for the new domain. This not only causes inconvenience for users but can also increase support requests.
Conclusion: The Right Domain Choice is Crucial
The choice of domain in a CIAM/IAM system is not just a matter of brand identity but also a question of security and user experience. A custom domain that aligns with the company's brand fosters trust and simplifies the management of login credentials and session cookies. When migrating from legacy systems, it is ideal to retain the existing domain so that password storage and login processes continue to work for users with minimal inconvenience.
In cidaas, setting up a custom domain is easy. In our cspace, we provide the option to specify a domain and upload the associated certificate. Don’t have a certificate? No problem, we can generate one via Let’s Encrypt. The steps are described in the cspace documentation.