User Directory.
The persistent store of user accounts, credentials, profile attributes, and access state that underlies any CIAM platform — sometimes the CIAM's built-in database, sometimes an external directory (LDAP, AD) the CIAM federates against.
The IdP and the user directory are conceptually distinct: the directory holds the data, the IdP runs the authentication flow on top. In small deployments they're the same thing (Keycloak's built-in user database serving Keycloak's own IdP); in larger deployments they may split (an Okta IdP federating against the customer's Active Directory user store). The architectural decision is often shaped by what the existing user state lives in and whether migrating it is acceptable.
Common questions
Where does the CIAM store user data?
Can I keep my user directory in Active Directory?
What's the difference between an IdP and a user directory?
Related terms
In the guides
B2B SaaS Identity: Organizations, SSO, SCIM, and the Enterprise Sales Checklist
How to design B2B SaaS identity: Organizations, Enterprise SSO with SAML and OIDC, SCIM provisioning, audit logs, and the IT-admin features that close enterprise deals.
What Is CIAM? The Complete Guide to Customer Identity and Access Management
CIAM is the production system that handles registration, login, MFA, profile, consent, and provisioning for the customers of your application — distinct from workforce IAM, which handles employees.