KuppingerCole Report
By Anne Bailey

A World with Validated Identities

Digital identity is a core element of business, more essential than ever before as the workforce becomes increasingly more mobile. The key to enable more efficient work is to remove barriers to onboarding and access for employees within the organization, and those partners, suppliers, and contractors outside the organization while adding additional security to the onboarding and lifecycle management of identities. A way to do this is to leverage a network of trusted identities. This whitepaper discusses the approach to operationalizing validated identity data for enterprise workforce use.
By Anne Bailey

Commissioned by Liga

1 Executive Summary

Digital identity is a core element of business and becomes even more essential as the workforce becomes increasingly more mobile. Digital identity is a key enabler of the business as well as a security measure. In order to adapt to the changing business context, the enterprise must be able to manage the lifecycle of workforce identities -- including employees, contractors, suppliers, partners, and more -- in a way that both facilitates trust and proves validity.

The workforce of today not only accesses systems and resources from any device, anywhere, but also increasingly works with other organizations in the role of contractor, supplier, or partner. The complexity of onboarding and managing these different users in a highly secure way is often unmanageable, meaning that organizations resort to trusting external organizations' processes when zero trust approaches should be prioritized. While this paper primarily discusses onboarding the workforce and partner organizations, applications for consumer identity and access management (CIAM) should also be considered. Onboarding consumers should work towards minimizing their churn and drop-off rate, which requires a thoughtful and intentional onboarding design especially when Know Your Customer (KYC) regulations must be followed. Onboarding and issuing access is not a one-time task, but is often a repeated cost for organizations without significantly increasing the security. Solving the challenge of onboarding in a way that reduces repetitive tasks and boosts security must take a higher priority to meet the changing needs of today.

A compelling way to enable business to continue smoothly while adding additional security to the onboarding and lifecycle management of identities is to leverage a network of trusted identities. By utilizing the eIDAS framework that is already in place and operationalizing it for private sector use, organizations can pull from a pool of verified identities when onboarding, validate that the identity data of the employee, contractor, partner, etc. is active and issued by the correct source, and enroll strong authentication tokens for continued use. Liga's GlobalID is operationalizing this trusted network of identities for the European market.

This method should be considered by organizations that need to reduce the complexity and increase the confidence they have in their relationships with employees, partners, contractors, suppliers, and others. It also opens up compelling opportunities for secure and very flexible multi-factor authentication (MFA), including smart cards and other tokens. Minimizing manual identity verification by automating these processes is a key cost savings for organizations considering leveraging a trusted user network for onboarding and supporting MFA, single sign-on (SSO), and moving towards passwordless.

2 Highlights

  • Understand how identity verification and identity data validation at the time of onboarding enhances the digital identity lifecycle

  • Discuss ...

Login Get full Access

3 The Problem with Onboarding

Workforce onboarding is flawed, with too much trust being placed on unvalidated records stored in the organization's own directory.

The perimeters o ...

Login Get full Access

4 Identity Validation for a Secure Identity Lifecycle Management

Secure identity lifecycle management begins with verification at the time of onboarding to build a validated user base. But beyond a single organizati ...

Login Get full Access

5 Benefits for the Enterprise

Deconstruct the onboarding journey by inheriting identities from a trusted network. This both enables work to get done while maintaining high security ...

Login Get full Access

6 Liga GlobalID

GlobalID from Liga enables the use of trusted identities for enterprise workforce use, beginning with identity data validation at the time of onboardi ...

GlobalID enhances the digital lifecycle by using validated identity data for onboarding on through use and review of the identity at the organization. ...

To add to the lifecycle management of identities, review of the identity validation history is available for compliance and governance. There is a cle ...

Login Get full Access

7 Recommendations

In light of the increasingly mobile workforce, the need to enable smooth workflows while enforcing zero trust at the overlapping perimeters of organiz ...

Login Get full Access


©2021 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.