RFP template · reviewed 2026-05-22

CIAM RFP template — the questions to actually ask

A copy-into-Word RFP scaffold for selecting a CIAM platform (Auth0, Microsoft External ID, Ping, Akamai, WorkOS). Focuses on developer experience + B2B + ATO defense.


Who uses it

Product engineering / platform leadership at consumer or B2B SaaS companies.

Typical timeline

4-8 weeks RFP → shortlist → POC → award

21 questions across 8 sections. CC BY 4.0 — copy freely.

1. Vendor background

  1.1. Background, ownership, scale of MAU served.
  1.2. 3-5 reference customers in our model (B2C / B2B / hybrid).

2. Authentication + user flows

  2.1. Supported authentication factors — password, passkey, social, OTP, SMS, biometric.
  2.2. Passkey rollout maturity — registration UX, fallback flows, multi-device.
  2.3. Account recovery flows — what mitigations against social engineering?

3. Multi-tenancy (B2B)

  3.1. How is multi-tenant identity modeled (Organizations, realms, separate tenants)?
  3.2. How are tenant-specific configurations isolated (branding, MFA policy, identity providers)?
  3.3. Describe the customer-IdP federation experience (their Okta / Entra signing in to your platform).

4. SCIM provisioning

  4.1. SCIM 2.0 server conformance. Tested against which IdPs?
  4.2. Custom-attribute handling. Push vs pull. Latency profile.

5. Developer experience

  5.1. List SDKs (JavaScript, React Native, iOS, Android, server-side languages).
  5.2. Describe custom logic extension points — Auth0 Actions, Rules, API connectors.
  5.3. Describe local development workflow.

6. ATO defense

  6.1. Describe credential-stuffing mitigation — rate limits, CAPTCHA escalation, bot mitigation.
  6.2. Describe risk-based authentication signals.
  6.3. Describe leaked-credential detection (HIBP-style screening).

7. UX + branding

  7.1. Describe branding / customization options — colors, copy, fully custom UI vs hosted login.
  7.2. Custom domain support.

8. Pricing

  8.1. MAU pricing tiers. Free tier + cap.
  8.2. What features are per-tier vs per-MAU adders?
  8.3. How do prices change at 100K, 1M, 10M MAU?

Evaluation rubric

How to score responses.

| Criterion | Weight | How to score |
| --- | --- | --- |
| Passkey / phishing-resistant depth | 15% | WebAuthn implementation maturity + UX. |
| Multi-tenancy (if B2B) | 20% | Organizations model + per-tenant federation. |
| Developer experience | 15% | SDK quality + extension points + docs. |
| ATO defense | 15% | Bot mitigation + risk-based + leaked-credential screening. |
| TCO at projected MAU | 15% | Year 1, 2, 3 cost at projected user growth. |
| Compliance posture | 10% | SOC 2 + (if applicable) HIPAA, GDPR, PCI DSS. |
| Reference customer signal | 10% | 3-5 references. |
© 2026 askmeidentity, Inc. Safeguard your digital frontier.
