Digital identity

Identity and Access Management (IAM) heavily relies on digital identities. In this article, we delve deeper into what a digital identity is, and why they are vital for organisations. But before discussing digital identity, let’s first address what identity means. You have an identity from the moment you are born. It is what is unique or inherent to an object or individual. Identity can be split into two levels: the personal level and the group level. The personal level is what makes you unique and includes traits like your name, age, address, character and image. At the group level, identity is about the group you belong to or a passion or interest you share with like-minded individuals. Think, for instance, of supporting a specific sports team or having a fondness for a particular music genre or a specific subculture. Nationality is often a significant part of someone’s identity too. Besides those identities in the physical world, almost everyone nowadays also has multiple digital identities. This is the type of identity that plays a role in identity and access management (IAM). Now let’s delve deeper into this construct of identity.

What is digital identity?

A digital identity is the type of identity that allows a person to identify themselves within an IT system or application. It is like an online passport that grants you access to the digital world. A digital identity contains a collection of verifiable data and your digital footprint: from a username and password to personal interests and online behaviour. It’s the way you present yourself online and interact with others. Your digital identity is not just essential for accessing digital services and information, but also determines how others see you online and how you position yourself online.

Why is a digital identity important for IAM?

Identity and Access Management revolves around identifying, verifying and managing users within an organisation. The objective? To ensure that the right individuals gain access to the appropriate data and IT applications.

Assigning a digital identity to a user is crucial for this process. You can only verif someone’s identity and grant them access and editing rights if they can identify themselves within your IT systems. Only with a digital identity can an organisation verify if someone is indeed who they claim to be, and allocate access and editing rights to the correct individuals.

The difference between individuals and digital identities

Within identity and access management (IAM), it is essential to distinguish between individuals and identities. Why? Because a person can have multiple digital identities.

Take, for example, the situation where you, as an employee of a company, have a business email, but also use a personal email address to make online purchases. In this case, you are the same individual, but you have two distinct digital identities.

Although the above example focuses on a separation between a professional and personal context, multiple digital identities can also exist within the same context. Suppose as an employee of that same company, you also need access to other systems and applications with different usernames and passwords. In that scenario, you don’t just have multiple digital identities, but also various sets of access rights associated with each of those identities.

IAM solutions should not only be able to identify individual user accounts but manage and integrate all digital identities and access rights of individuals into a central system. This allows organisations to ensure that their employees have access to the correct information and applications, regardless of which digital identity they use. This is crucial in a time when people have numerous digital identities, and managing them can be challenging.

What makes up a digital identity?

A digital identity consists of a series of verifiable data and characteristics. In an IAM context, it usually involves:

• A username and password: This can be viewed as your digital ID or business card.
• Possible additional verification factors and keys: More and more often, it is not enough to simply enter your username and password, but biometric data, unique codes or device verification are also required.
• The organisation you are a part of: To verify a user and grant the appropriate rights, it is essential for a system or admin to know if they are dealing with an internal user or an external guest user.
• Department, function and role: This is particularly crucial during the authorisation phase of digital identity. This information provides insights about the tasks an individual performs and the permissions they require to complete those.

How do you verify an identity?

Verifying a digital identity is done through authentication. Authentication is the process where a user is asked to provide evidence that they are indeed who they claim to be. Authenticating a digital identity typically starts with entering a username and password. With two-factor authentication and multi-factor authentication, additional verification factors and keys come into play. This can include biometric data (fingerprint, facial scan), a unique code, an SMS or device identification (smartphone, tablet, computer) associated with a known digital identity.