The Case for Linked Identities
I am but one person and my computer does not recognize me.
That is the feeling many get while attempting to attest to some application or service. Keeping your identity protected is necessary, and we typically do this behind a password firewall that verifies we are who we say we are. In the world of computer- and network-based authorization and authentication, the password has become our key to entering our private digital world. Sadly, we find ourselves having multiple such identities representing multiple digital personas... But each still represents the one single you.
Oftentimes, however, we forget who we are, or at least the secret passphrase that keeps our identity protected. For this, we are typically presented with a method or a means to unlock or recover these identities and associated passwords. Ever click on that “forgot my password” link? Yes, you are not alone – we all have. Hopefully, the system knows well enough to ask me a few questions that only I would know so that I can regenerate, reset, recreate, or re-establish my special password key.
What happens when that particular service does not provide a way to easily start over? Worse yet, one application or service is asking me similar, but different, questions than a second application or service. Still, I am the same person. The same special attributes that make me unique are not changing. The questions that could be asked are unchanging.
What a pain it is to require me to register answers to questions for each and every unique identity source. Why can’t I, for example, connect my Google Apps business account with my local Active Directory identity? What about my Microsoft 365 (and Office 365) account and my phone voice mail system password? After all, each of these provides a boundary that I pass through every day in order to use the device or service. Each of these unique passages is a means to identify me. I am but one person. Until a single means of sign on (SSO) is both 100% pervasive and ubiquitous, I will always be troubled with having to maintain a unique set of secret answers to questions in order to unlock those special accounts or reset those easily forgotten passwords.
Being the one human form that I am, I really have only one answer to the same questions.
A system capable of resetting my password or unlocking my account is a lifesaver for any IT organization. The reduction in help desk calls is easy to enumerate. The return on investment is easily recognized when you consider the possibility of reducing or eliminating such calls. Still, each user may have multiple applications for which they have an identity protected by a password. An application designed to aid in the reduction of such calls should be capable of managing such incremental business applications. It should do so while maintaining a single set of questions for a single person.
Any self-aware being can identify themselves in the various business realms. Starting with a foundational identity such as Active Directory, I should be able to attest what my M365 account is (username and password), what my voicemail password is (perhaps extension and password), and what my admin or test account is in the same or a different Active Directory environment. By self-identifying and then linking all of the accounts that represent the individual, there need only be a single set of secret questions asked. Imanami GroupID Password Center allows each individual to link their various internal identities to themselves. Given a single set of questions, each system can then grant that same user the ability to reset their password, unlock their account, etc., simply by providing the answers to the same set of secret questions in the same portal.
Your Phone as a Token
Second-factor authentication is an additional layer of confidence given to the password reset process. Leveraging the text messaging (SMS) capabilities of your phone, each individual will be able to physically acknowledge themselves simply by having possession of a unique device, in addition to having the answers to a set of secret questions. Rather than having multiple services and multiple gateways with varying levels of usefulness, the same set of linked identities is connected to the same registered mobile device, just as a common set of secret questions serves your multiple linked identities.
With an extensible framework, apt administrators can add to the available identity stores manageable by GroupID’s Password Center. Tired of taking or making calls to reset passwords? Interested in the idea of extending a single password reset and account unlock to all of your applications? Contact Imanami for a personal demonstration.
Jonathan Blackwell
Since 2012, Jonathan Blackwell, an engineer and innovator, has provided engineering leadership that has put GroupID at the forefront of group and user management for Active Directory and Azure AD environments. His experience in development, marketing, and sales allows Jonathan to fully understand the Identity market and how buyers think.