SAP Customer Identity

What Spadoom delivers

Identity management is infrastructure. Getting it wrong costs you twice: lost conversions at registration and legal exposure when consent is not captured correctly.

Spadoom is an SAP Gold Partner with offices in Switzerland, Germany, Italy, Austria, and Estonia. We implement SAP Customer Identity for companies that need registration, login, and consent management integrated with their SAP CX stack. Our team delivers on-site across the DACH region and Northern Italy. No offshore handoffs.

Common scenarios we handle:

• A retailer deploying SAP Commerce Cloud who needs a proper login and consent system from day one
• A B2B distributor replacing a custom-built registration flow that has become a maintenance burden
• A brand operating multiple regional web properties that need unified identity across countries
• A company preparing for Swiss nDSG or EU GDPR audits and discovering that their consent records are incomplete

Our delivery follows the SAP Activate methodology — five phases from discovery through hyper-care — adapted for identity projects. Every implementation includes screen-set configuration, consent flow design, integration setup, and end-user testing with your legal and marketing teams.

For a broader look at how SAP’s identity and data tools fit together, our overview of SAP Customer Data Cloud covers the full CDC landscape — including where CIAM sits within it.

ROI you can measure

Identity is not a cost centre. A well-implemented CIAM deployment produces measurable returns across three areas.

Registration conversion. Social login and progressive profiling reduce friction at the point of registration. Typical results: registration completion rates increase by 30–50% when you replace a 12-field form with social login plus two or three essential fields. Every percentage point of registration improvement feeds directly into your addressable customer base.

Consent compliance rates. With SAP Customer Identity, consent capture is part of the registration flow — not an afterthought pop-up. Clients who move from a generic cookie banner to a structured consent flow see opt-in rates for marketing communications reach 60–75%. Higher opt-in means a larger audience for Emarsys campaigns and better data quality in your Customer Data Platform.

Support ticket reduction. Self-service password reset, SSO, and clear account management screens eliminate the most common identity-related support requests. We typically see a 40–60% drop in “I can’t log in” tickets within three months of go-live. That is real time returned to your support team.

The compliance layer

Consent management is where legal and engineering intersect. You need consent records that are timestamped, versioned, and auditable. You need them synchronised to every system that uses them. And you need opt-out to propagate reliably — not on the next batch run, but immediately.

The consent vault. SAP Customer Identity stores every consent event with a timestamp, the exact wording shown to the customer, and the version of your privacy policy at the time. This is what auditors ask for. Without it, you are guessing.

Granular consent types. We configure separate consent categories: email marketing, SMS, data processing, third-party data sharing, profiling. Each consent is independent. A customer can opt into email but decline profiling. The system enforces this distinction downstream.

Downstream propagation. When we connect SAP Customer Identity to SAP Customer Data Platform and Emarsys, consent changes propagate in real time. A customer revokes marketing consent at 14:07. By 14:07, Emarsys stops sending. No batch delay. No manual suppression list. This is not optional for GDPR and nDSG compliance — it is the requirement.

Swiss nDSG specifics. The revised Swiss Federal Act on Data Protection (nDSG), in force since September 2023, requires documented consent for certain data processing activities. SAP Customer Identity’s consent vault meets this standard. We configure it to capture and store the specific legal basis for each processing activity, which matters if your DPO is ever asked to produce records.

The consented profile data that flows into CDP then powers segmentation and personalisation. Our deep dive into SAP Customer Data Platform explains how that works in practice.

Progressive profiling in practice

Asking for 15 fields on a registration form is a conversion killer. Progressive profiling is the alternative: collect data gradually, across multiple sessions, based on what you actually need at each stage.

How it works. On the first visit, you capture email and a password (or social login — no password at all). On the second login, you ask for company name and role. After the third purchase, you ask for communication preferences. SAP Customer Identity manages this logic through configurable screen sets. Each screen set defines which fields to show, when to show them, and what triggers the next step.

The impact on conversion. Reducing registration fields from 10+ to 3 typically lifts completion rates by 30–50%. That is not a theoretical number. We measure it on every project by comparing pre- and post-implementation registration funnels.

Data quality improves too. When you ask for information at the right moment, customers give you accurate answers. A job title provided during a product demo request is more reliable than one filled in during a rushed checkout. Progressive profiling gives you better data, not just more data.

Configuration, not code. SAP Customer Identity’s screen-set editor lets you adjust profiling flows without developer involvement. Marketing can add a field. Legal can require a new consent checkbox. Neither needs a release cycle to make it happen.

B2B identity specifics

B2B identity is more complex than B2C. You have company accounts with multiple users, varying permission levels, and approval workflows that differ by customer.

Delegated administration. SAP Customer Identity supports a hierarchy: organisation, then groups, then individual users. A company admin can invite new users, assign roles, and deactivate former employees — without contacting your support team. This is table stakes for B2B portals with more than 50 buyer accounts.

Role-based access. Different users within the same company need different access. A procurement manager sees pricing and can place orders. A technical user sees documentation and support tickets. An executive sees reporting dashboards. We configure these roles in SAP Customer Identity and enforce them across your commerce and service portals.

Account approval workflows. Not every self-registered user should get immediate access. For B2B, we configure approval workflows where a new registration triggers a review by the account owner or your internal sales team. The user gets notified when access is granted. No manual email chains.

Integration with B2B Commerce. When paired with SAP Commerce Cloud, delegated admin maps directly to the commerce organisation model. Buyers see their company’s negotiated pricing, order history, and credit limits. Identity and commerce stay in sync without custom middleware.

If your B2B portal currently requires a support ticket to add a new buyer, this is worth looking at.

SSO and passwordless authentication

Passwords are the weakest link in customer identity. They get forgotten, reused, and stolen. SAP Customer Identity gives you alternatives.

Single sign-on (SSO). One authentication event covers every connected property — web store, mobile app, support portal, partner portal. Customers authenticate once. Your systems share the session. You stop managing multiple identity stores, and customers stop resetting passwords across five different sites.

Social login. Google, Apple, LinkedIn, and Microsoft login integrations ship out of the box. Adding a social login provider takes hours, not weeks. The benefit: verified email addresses from day one and registration completion rates that are 2–3x higher than traditional email-and-password forms.

FIDO2 and WebAuthn. Passwordless authentication using device biometrics (fingerprint, face recognition) or hardware security keys. SAP Customer Identity supports FIDO2/WebAuthn for customers who want the highest security without the friction of typing passwords. Adoption is growing fast — especially on mobile devices where biometric authentication is already the default.

Risk-based MFA. Not every login needs a second factor. SAP Customer Identity evaluates login context — device, location, time of day, IP reputation — and triggers step-up authentication only when risk indicators appear. A returning customer on their usual laptop gets straight in. The same account logging in from a new country at 3 AM gets prompted for a verification code. Security that adapts to the situation, not a blanket policy that frustrates everyone.

The integration advantage

SAP Customer Identity is most valuable when it connects to the rest of your stack. Identity data in isolation is a directory. Identity data connected to commerce, marketing, and service becomes a growth driver.

SAP Commerce Cloud. CIAM provides the registration, login, and consent layer for your storefront. Customer identity flows into Commerce Cloud’s customer model. One account, one login, one set of preferences — whether the customer is on your B2C webshop or your B2B ordering portal. Read more about SAP Commerce Cloud.

Emarsys. Consent captured in CIAM determines what Emarsys can send and to whom. Profile data collected through progressive profiling enriches Emarsys segments. When a customer updates their preferences in CIAM, Emarsys reflects the change in real time. This connection is what makes compliant personalisation possible. Read more about Emarsys.

SAP Customer Data Platform. CIAM feeds first-party identity data into CDP. CDP stitches it with behavioural data from web, app, and offline sources to build a unified profile. Without CIAM as the identity source, CDP is working with anonymous fragments. Read more about SAP CDP.

SAP Sales Cloud V2. For B2B use cases, customer identity data from CIAM can inform the CRM. When a buyer registers on your portal, that event can create or update a contact in Sales Cloud. Your sales team sees portal activity alongside pipeline data.

Non-SAP systems. SAP Customer Identity exposes REST APIs, JavaScript SDKs, and webhook events. We have connected it to Salesforce, Shopify, custom-built portals, and third-party analytics platforms. If your system accepts HTTP calls, it can receive identity events.

What good looks like

A well-implemented SAP Customer Identity deployment produces results you can track in the first 90 days:

• Registration completion rates up 30–50% from reduced form friction
• Marketing consent opt-in rates at 60–75% through structured, in-flow capture
• Identity-related support tickets (password resets, login issues) down 40–60%
• Consent audit readiness: every record timestamped, versioned, and retrievable on demand
• SSO adoption above 80% across connected properties within 60 days

Six months after go-live, we review these numbers with you. If your B2B delegated admin is not reducing support load, we adjust the configuration. If progressive profiling is not lifting data completeness, we rework the screen sets. The implementation is not done at go-live. It is done when the metrics prove it works.

Got an identity project to discuss? Talk to us about your requirements — no pitch deck, just a conversation.