What is Identity & Access Management?
IAM is taking control of all the people, tools, and processes that an organization uses to manage identity data and access to information in an effective, efficient, controlled, and auditable way.
At the core of identity management is identity data. First and foremost, this data needs to be clear and reliable before Identity Lifecycle Management can be started.
What is Identity Lifecycle Management?
The process of managing the entire lifecycle of a digital identity is called Identity Lifecycle Management (ILM). An identity may have different aliases across and within different systems.
The diagram below gives an example of different lifecycles.
Within Identity Management, the core data of the ILM process is recorded within the Identity Store via the IBIS web-portal.
Identity data stored in the Identity Store is recorded when certain events occur, for example, a new employee’s arrival. This data can be changed or even deactivated after a certain amount of time.
Naming a person at a place of formation or hiring an employee is enough for the Identity Store to record a person or identity. That process is comparable to an appointment, the only difference being that there is another kind of employment or contract.
What is Identity Management?
The starting point for Identity Management is that one single piece of data should be managed in one single place, at the authoritative source. By provisioning data from authentic sources it can be made available to all the systems that need this data.
Identity Management does not always have to be executed by a central organization; that’s where self-service can come in handy. Employees themselves can add certain information to the dataset from the authentic sources, or the employee can tell the data manager of the source that some information has to be adjusted.
What is authentication?
Authentication is the verification of a user identity. Is the employee who is trying to gain access to certain ICT facilities actually who they claim to be? This can be verified in various ways. The most common way is with a username and a password. The problem with this is that users have many different usernames and passwords, which are difficult to remember. This poses a security problem. Employees often choose easy-to-guess passwords and even use the same password multiple times.
A way to overcome this is Single Sign-On (SSO). SSO allows the user to log in just once during an entire work-session; preferably combined with a strong authentication method.
What is Authorization?
Authorization controls which employee has access to which ICT facilities and what he/she has permission to do with these facilities.
In larger organizations employees often need access to many different systems such as the network, back office applications, etc. It is difficult to keep an overview of who has access to what. This can cause a delay in getting a new employee all the right permissions and access to do his/her work. Often, when an employee leaves the organization, his/her permissions and access are not revoked, which results in ‘sleeping accounts’ and poses a dangerous security risk.
Role Based Access Control (RBAC) is a way to get a tighter grip on authorization management. This method grants authorizations based on the roles an employee fulfills within an organization. RBAC is a spin-off from the Attribute Based Access Control (ABAC) method. ABAC assumes that because of a certain attribute of an employee, he/she can gain access to, for example, certain applications. Such an attribute can be a Role (as described above) but also attributes such as a function-code, postal code of a working-address, age, membership of a project group, etc. RBAC is supported by ABAC and more.
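The following sketch is an added example, not Trusted-ID code: it shows an attribute-based check in which a rule that names only a role behaves as plain RBAC, and a report of 'sleeping accounts' that are still enabled for deactivated identities. All facility names, attribute values, and identities are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Identity:
    name: str
    active: bool = True                      # False once the employee has left
    attributes: dict = field(default_factory=dict)

# Constructed policy: per facility, a list of alternative rules. Each rule maps
# attribute -> required value. A rule that only names "role" is plain RBAC.
POLICY = {
    "hr-backoffice": [{"role": "hr-advisor"}],
    "project-share": [{"project_group": "iam-rollout"},
                      {"role": "manager", "function_code": "F200"}],
}

def matches(rule, attributes):
    """True when every attribute the rule requires is present on the identity."""
    for key, required in rule.items():
        value = attributes.get(key)
        if isinstance(value, (set, frozenset, list)):   # multi-valued attribute
            if required not in value:
                return False
        elif value != required:
            return False
    return True

def is_authorized(identity, facility):
    """Deny by default: inactive identities and unknown facilities get nothing."""
    if not identity.active:
        return False
    return any(matches(rule, identity.attributes)
               for rule in POLICY.get(facility, []))

def sleeping_accounts(identities, accounts):
    """Accounts still enabled in a facility although the identity is inactive."""
    inactive = {i.name for i in identities if not i.active}
    return sorted((facility, owner)
                  for facility, owners in accounts.items()
                  for owner in owners if owner in inactive)

# Constructed sample data: identity records and the accounts each system holds.
IDENTITIES = [
    Identity("alice", attributes={"role": "hr-advisor"}),
    Identity("bob", attributes={"project_group": {"iam-rollout"}}),
    Identity("carol", active=False,
             attributes={"role": "manager", "function_code": "F200"}),
]
ACCOUNTS = {"hr-backoffice": {"alice"}, "project-share": {"bob", "carol"}}

if __name__ == "__main__":
    print(sleeping_accounts(IDENTITIES, ACCOUNTS))
```
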
What do we mean by fixed price, fixed standard and fixed time?
Trusted-ID can design and build a tested IAM solution within a pre-determined timeframe with a fixed price. For more information see our page about our services.
How do we work?
DSDM stands for Dynamic Systems Development Method and it is the method we use to optimally connect to an IAM process within your organization. We start with determining the maturity level of an organization. For more information see DSDM.
What is RIN?
RIN stands for Rijks Identificatie Nummer (Government Identification Number).
I am an educational institute. Does Trusted-ID have special Educational licenses?
For special educational licenses you can contact Darryl Karamat Ali via darryl@trusted-id.eu or call us via +31 88 427 16 55.
Do you have more questions?
Contact us via +31 88 427 16 55 or send us a message!