CIAM is not nearly as popular of a term as it needs to be. When most developers build apps today, they still look at their cloud provider's IAM or Active Directory for inspiration in design of their customer-facing systems. I think this article is actually understating the complexity. Conway's Law rules all and sometimes your systems and users won't even necessarily be in your control. I urge folks to look into policy engines like OPA[0] and ReBAC systems like SpiceDB[1] rather than reinventing the wrong wheel.
Also a bit disappointed in the article that it doesn’t connect the dots between WIAM and CIAM for B2B. One companies customer is another companies workforce.
Many of the apps you want to have for your workforce are actually third party, but you want to give SSO etc with an employee account. These saas apps need to not only provide CIAM ala “sign in with google” but allow the Customer to set up the connection with the WIAM to give employees access.
[0]: https://www.openpolicyagent.org
[1]: https://github.com/authzed/spicedb