Content of Figures
Commissioned by Liga
1 Executive Summary
Digital identity is a core element of business and becomes even more essential as the workforce becomes increasingly more mobile. Digital identity is a key enabler of the business as well as a security measure. In order to adapt to the changing business context, the enterprise must be able to manage the lifecycle of workforce identities -- including employees, contractors, suppliers, partners, and more -- in a way that both facilitates trust and proves validity.
The workforce of today not only accesses systems and resources from any device, anywhere, but also increasingly works with other organizations in the role of contractor, supplier, or partner. The complexity of onboarding and managing these different users in a highly secure way is often unmanageable, meaning that organizations resort to trusting external organizations' processes when zero trust approaches should be prioritized. While this paper primarily discusses onboarding the workforce and partner organizations, applications for consumer identity and access management (CIAM) should also be considered. Onboarding consumers should work towards minimizing their churn and drop-off rate, which requires a thoughtful and intentional onboarding design especially when Know Your Customer (KYC) regulations must be followed. Onboarding and issuing access is not a one-time task, but is often a repeated cost for organizations without significantly increasing the security. Solving the challenge of onboarding in a way that reduces repetitive tasks and boosts security must take a higher priority to meet the changing needs of today.
A compelling way to enable business to continue smoothly while adding additional security to the onboarding and lifecycle management of identities is to leverage a network of trusted identities. By utilizing the eIDAS framework that is already in place and operationalizing it for private sector use, organizations can pull from a pool of verified identities when onboarding, validate that the identity data of the employee, contractor, partner, etc. is active and issued by the correct source, and enroll strong authentication tokens for continued use. Liga's GlobalID is operationalizing this trusted network of identities for the European market.
This method should be considered by organizations that need to reduce the complexity and increase the confidence they have in their relationships with employees, partners, contractors, suppliers, and others. It also opens up compelling opportunities for secure and very flexible multi-factor authentication (MFA), including smart cards and other tokens. Minimizing manual identity verification by automating these processes is a key cost savings for organizations considering leveraging a trusted user network for onboarding and supporting MFA, single sign-on (SSO), and moving towards passwordless.
Understand how identity verification and identity data validation at the time of onboarding enhances the digital identity lifecycle
3 The Problem with Onboarding
Workforce onboarding is flawed, with too much trust being placed on unvalidated records stored in the organization's own directory.
The perimeters o ...Login Get full Access
4 Identity Validation for a Secure Identity Lifecycle Management
Secure identity lifecycle management begins with verification at the time of onboarding to build a validated user base. But beyond a single organizati ...Login Get full Access
5 Benefits for the Enterprise
Deconstruct the onboarding journey by inheriting identities from a trusted network. This both enables work to get done while maintaining high security ...Login Get full Access
6 Liga GlobalID
GlobalID from Liga enables the use of trusted identities for enterprise workforce use, beginning with identity data validation at the time of onboardi ...
GlobalID enhances the digital lifecycle by using validated identity data for onboarding on through use and review of the identity at the organization. ...
To add to the lifecycle management of identities, review of the identity validation history is available for compliance and governance. There is a cle ...Login Get full Access
In light of the increasingly mobile workforce, the need to enable smooth workflows while enforcing zero trust at the overlapping perimeters of organiz ...Login Get full Access
- CISA, “CISA Adds Single-Factor Authentication to list of Bad Practices”, August 30, 2021, https://us-cert.cisa.gov/ncas/current-activity/2021/08/30/cisa-adds-single-factor-authentication-list-bad-practices
- ENISA, “Tips for Secure User Authentication”, June 4, 2020, https://www.enisa.europa.eu/news/enisa-news/tips-for-secure-user-authentication