Thales Blog

Fine-grained Authorization: Protecting and controlling user access in a digital-first world

June 9, 2023

Ward Duchamps Ward Duchamps | Director of Strategy and Innovation CIAM, Thales More About This Author >

Strong and flexible customer authentication is a key driver for adopting a customer identity & access management (CIAM) solution, with customer experience and security being the apparent benefits. On the other side of the same coin, authorization is becoming a core capability prompting leaders to adopt more advanced CIAM solutions.

And the reason is this: Fine-grained authorization allows you to enable and scale user collaboration, control or grant access to digital services and applications on a granular level. Let’s unwrap this concept.

But before we dive deeper, we should clear the fog about two interchangeable CIAM terms, authentication and authorization.

Authentication vs. Authorization

Authentication is the foundation of any access request and validates that users are who they claim to be. In some instances, systems require successful verification of multiple factors before granting access. This multi-factor authentication (MFA) requirement often deploys to increase security when accessing critical and sensitive systems and data.

Authorization, on the other hand, is giving the user permission to access a specific resource, service, application or function. In secure environments, authorization must always follow authentication, and customers should prove their genuine identities before being granted access to the requested resources.

In a nutshell:

  • Authentication verifies identities
  • Authorization grants (or denies) permissions

Simplify and secure access to sensitive data

Now that this mix-up is clarified, let's look at how CIAM enables seamless authorization in a banking scenario without compromising data security or customer experience.

Authorization manages a complex web of rule-based access policies to grant users access to services and data. Granting these permissions should be a painless, developer-friendly task that, on the other side, translates into frictionless, secure, and uninterrupted customer experiences.

In the past, banks always required tedious identification and unfriendly multi factor authentication (MFA) processes before users could get access to any data.

Today, banks can be more open and transparent. Sharing information without stringent security constraints, but simply by leveraging an authorization decision from an authorized stakeholder, e.g., the broker. Once their identity has been validated, customers are authorized to access their banking information based on the customer profile and preferences maintained by the bank.

As evidenced, authentication and authorization in banks work in tandem to provide the returning customer the ease and protection required to access their financial data. CIAM helps all organizations simplify and secure access management. Besides offering an excellent customer experience, the benefits of a fine-grained authorization include privacy, security, and a trusted relationship between the bank and the customer.

Personalized banking through stakeholder authorization

Besides direct customer authorization, CIAM facilitates straightforward and compliant access to customer data to authorized stakeholders.

With stakeholder authorization, banks can make it easier for users to give certain companies or people like family members or accountants restricted or rule-based access to their accounts to help them manage their daily finances.

For instance, a user could wish to restrict access to some accounts while granting their spouse access to their other bank account to manage shared expenses. The user might also wish to provide their financial adviser access to their investment accounts.

With this level of personalization, the complete banking experience may be enhanced and improved. As such, externalized authorization has also emerged as a crucial pillar of the whole user experience – and a key pillar for modern banking.

The same is true for healthcare

Digital healthcare has become the new normal, and patients expect their data and transactions to be available to themselves and other healthcare providers. At the same time, they want their information to be secure and private, whether they are using their phone, laptop, or tablet. Enabling doctors, therapists, nurses, and other practitioners to view and track their overall health over time may provide them with higher-quality, holistic medical care.


Authorization follows authentication and offers customers unique, personalized experiences help them to build a trusted relationship with your business. On the other hand, companies like banks and healthcare providers benefit from fine-grained and compliant access to customer data by increasing revenue, expanding their customer base, and protecting themselves and their loyal customers against fraud and credential theft.

Want to learn more?

Watch our on-demand webinar where we drill deeper into the value-driven concept of fine-grained authorization and CIAM. Alternatively visit our website to learn how Thales streamlines authorization to facilitate seamless and secure experiences in a digital first world.