Everyone is talking about digital identities, and terms like IAM, PAM, and SSO swirl and twirl around digital services. Getting confused? Are you missing out on the latest insights? Here’s a quick vocabulary to get on top of the DI conversations.
1. Digital Identity
Digital identity is a collection of attributes related to a person. A person may have multiple digital identities for the same or different services. The old saying is still true: everything you publish on the web, or someone else has published about you, will be there forever. Even dead people have digital identities.
See also: MyData
2. Authentication
Authentication answers the question: Are you who you say you are? A digital service or system needs some information about the user before it can grant access. Recognizing a person in the digital world can happen on many levels. It varies from a simple request for a username and password to strong authentication (see multifactor and biometric authentication).
3. Multifactor authentication
When you want to take the authentication to the next level, you can use two different types of authentication, for instance, email and password and an automated phone call or text message. Using several authentication methods for one user makes the recognition harder to compromise.
4. Biometric authentication
This authentication method was long known only in sci-fi and action movies. These days it’s an everyday task to log in to your phone by using a fingerprint or showing your face to the camera. It’s hard to break through a biological authentication method, so these methods are considered quite safe, and thus strong.
The most common biometric authentication methods use facial recognition, fingerprint, microchip, voice, and iris. The newest type of biometric authentication is based on behavior, such as the way of typing or walking. In the AI world, computers can take these types of personal “samples” fast and recognize the person.
5. Single-Sign-On (SSO)
When a system has Single-Sign-On (SSO) in use, the user needs to log in only once to access all internal network services. A single authentication for multiple applications is based on a connection provided by a private network. SSO makes the user experience and workflows smoother.
6. Authorization
When you are authorized, you get the right to do something based on the role you have. For instance: when you’re enrolled in a new company, you’ll get access to certain digital areas (unless you have privileged access, see: PAM). You might not even know all the information you don’t have access to, but don’t worry – you don’t need to. The policy of “least privileged access” is commonly used.
See also: IAM
7. Identity & Access Management (IAM)
Identity & Access Management (IAM) is needed when you need to handle personal data records. Usually, when a service gets over a hundred users, you need some kind of system to handle it. Pro tip: In IAM, and why not in all other organizational actions, it’s crucial to base every task on roles, not on individuals. A user should get certain access rights automatically when their role changes, and it shouldn’t be based on someone’s memory or manual work. For this, there are a lot of IAM tools available. The bigger the organization, the more beneficial the automated IAM tools are.
8. Privileged Access Management (PAM)
Privileged Access Management (PAM) is like a golden membership for IAM. PAM is used to control privileged credentials that are often related to system infrastructure. PAM is a system that defines who gets to use these credentials and how. You can also see from PAM the current view of how these credentials are used. Unfortunately, in most companies, these privileged accounts are poorly governed and there’s no PAM in place.
9. MyData
MyData is a principle whereby the user owns and governs their personal data. According to the MyData principle, the user decides which personal attributes are given and to whom. The information can be granted on different levels. For instance: when a service wants to know how old the user is, the answer can be given on different levels. On a general level, it would be a request for the user’s age, and on a more detailed level it would mean the exact birth date. The user gives permission for the information level they want.
10. Good Governance
Wait, why is this administrative term here among digital identity vocabulary? Well, usually, people don’t think about good governance when they talk about digital identities. But if you want to be the forerunner in IAM, good governance is the one thing people should be talking about. Digital identity management done right is not a technical but an administrative issue.