Identity orchestration is a connectivity layer that businesses can use to tie multiple identities together across multiple cloud environments and platforms, allowing one consistent identity per employee.
By Tim Spring
Why do organizations need identity orchestration?
It starts with the question, “how do organizations see and use identity?” — a question that Mike Vesey, CEO of IdRamp, has been working on for over 20 years. Recently, he sat down with Identity Insights to share what he has learned along the way. The following article is a summary of this interview.
Organizations typically have to grant employees access and permissions to their digital infrastructure and applications. But managing a unique username and password for each service for every employee would be a nightmare when those services can number in the hundreds. Enter Single Sign On (SSO). Through SSO, employers were able to use their existing employee directory to issue one username and password that would allow access to any program the employee needed; this is also commonly referred to as federated identity.
Soon, federated identity was available to anyone through companies like Facebook, Google, and Apple, each offering to store an identity that allowed you to log in to multiple platforms. As with many advancements in technology, this service brought its share of trade-offs. Many people started using it because of its ease of use: no more having to remember lots of passwords. But this benefit came at the cost of privacy and security.
“Now we’re saying okay, Facebook knows about every interaction I have when I log in,” said Vesey. “It really created the whole business of surveillance capitalism.”
A decentralized identity solves this problem. Once a verifiable credential is issued by an employer to an employee, for example, the employee holds their own data in that credential. When they need to present that credential to access the company’s network, the authenticity and integrity of their identity are confirmed by the metadata and digital signatures that the issuing company has written to a distributed ledger.
There are many ways in which this transforms security — verification takes place over a peer-to-peer communications protocol using authenticated encryption. And there are many ways in which it transforms privacy — the employee, holding their own data, can share it in privacy-preserving ways and only by consent.
But one of the biggest practical consequences is that you no longer need a third party to issue, store and manage your identity data. Any company or organization can create verifiable credentials to handle identity and access management. Critically, verifiable credentials can be used to integrate and orchestrate existing and incompatible systems and services.
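To make the issue, hold and present flow described above concrete, here is an added example (not code from the interview, IdRamp or Indicio). It models the three roles with Ed25519 signatures from Go’s standard library: the issuer publishes its verification key under a DID, the holder keeps the signed credential, and the relying party resolves the issuer’s key and checks the signature before granting access. The DID strings, claim values and the in-memory map standing in for the distributed ledger are all constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Ledger stands in for the distributed ledger: it maps an issuer's DID to the
// verification key that issuer anchored. An in-memory map is a constructed
// substitute for a real ledger, used only for this example.
type Ledger map[string]ed25519.PublicKey

// Claims is the identity data the holder keeps in the credential.
type Claims struct {
	Subject  string `json:"subject"`
	Employer string `json:"employer"`
	Role     string `json:"role"`
}

// Credential is what the issuer hands to the holder: claims, issuer metadata
// and a signature binding the two together.
type Credential struct {
	Issuer    string `json:"issuer"`    // DID of the issuer (hypothetical format)
	Claims    Claims `json:"claims"`
	Signature []byte `json:"signature"` // Ed25519 signature over payload()
}

// payload returns the bytes that are signed: the issuer DID together with the
// claims, so that neither can be swapped without invalidating the signature.
func (c Credential) payload() ([]byte, error) {
	return json.Marshal(struct {
		Issuer string `json:"issuer"`
		Claims Claims `json:"claims"`
	}{c.Issuer, c.Claims})
}

// NewIssuer generates the issuer's key pair and anchors the public key on the
// ledger under the given DID. Only the private key leaves this function.
func NewIssuer(ledger Ledger, did string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ledger[did] = pub
	return priv, nil
}

// Issue creates a credential signed with the issuer's private key. The holder
// stores the result; the issuer keeps no copy of the holder's data.
func Issue(issuerDID string, priv ed25519.PrivateKey, claims Claims) (Credential, error) {
	cred := Credential{Issuer: issuerDID, Claims: claims}
	msg, err := cred.payload()
	if err != nil {
		return Credential{}, err
	}
	cred.Signature = ed25519.Sign(priv, msg)
	return cred, nil
}

// Verify is the relying party's check when a holder presents a credential:
// resolve the issuer's key from the ledger, then verify the signature over the
// presented payload. An unknown issuer or any altered claim is rejected.
func Verify(ledger Ledger, cred Credential) error {
	pub, ok := ledger[cred.Issuer]
	if !ok {
		return errors.New("unknown issuer: DID not anchored on the ledger")
	}
	msg, err := cred.payload()
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, cred.Signature) {
		return errors.New("signature invalid: credential altered or not signed by the anchored key")
	}
	return nil
}

func main() {
	ledger := Ledger{}
	priv, err := NewIssuer(ledger, "did:example:acme-hr") // constructed DID
	if err != nil {
		panic(err)
	}
	cred, err := Issue("did:example:acme-hr", priv, Claims{Subject: "alice", Employer: "Acme", Role: "engineer"})
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine credential:", Verify(ledger, cred))

	// The holder (or anyone in between) changes a claim after issuance.
	tampered := cred
	tampered.Claims.Role = "admin"
	fmt.Println("tampered credential:", Verify(ledger, tampered))
}
```

The point the example isolates is that the relying party never contacts the issuer at verification time and never holds the employee’s data; it only needs the issuer’s published key. Anything that changes the issuer DID, the claims or the key that signed them fails the check, which is what gives the presented identity its authenticity and integrity.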
Identity orchestration provides a flexible way for an organization to take and translate identity from anywhere, federated or decentralized, and permission access to applications, services, and systems.
This is especially important for enterprise organizations that need the flexibility to implement new services and technologies as they become available, something that is happening at an ever faster rate. While it would be great if all of these technologies were built to be interoperable, that is simply not the case. Vesey calls out the need for a “man in the middle” — a better logic engine telling all the different parts of your Identity and Access Management (IAM) system how to interact. This is what verifiable credentials and identity orchestration provide.
Real-world use cases
Identity orchestration works by being invisible to the user: it’s designed to allow simple, secure integrations, and that means you are not meant to notice it. To get a feel for how frictionless it is, you can try Bouncer by IdRamp. This free-to-try application provides multiple ways to log in to Zoom, including through creating and using your own secure identity. It was created at the height of the pandemic to ensure that only those invited could attend meetings.
If you want to watch the full interview with Mike Vesey you can find it here.
If you want to learn more about identity orchestration or IdRamp you can find some interesting demonstrations on their website here.
If you want to learn more about decentralized identity or have questions about specific use cases we encourage you to get in contact with Indicio here.