A digital identity is a profile or set of information tied to a specific user, machine or other entity in an IT ecosystem. Digital IDs help computer systems distinguish between different users for access control, activity tracking, fraud detection and cyberattack prevention.
In most systems, an entity’s digital identity is made up of its unique attributes. Together, these attributes form a record that verifies the entity’s identity and distinguishes it from other entities.
For example, a human user’s identity in a corporate network might include identity information such as their social media handles, Social Security number and network username.
Verifiable digital identities are the foundation of authentication and authorization, the processes that IT systems use to verify users and grant them appropriate access. Both human and nonhuman users need digital identities to interact with digital services and one another.
Trusted digital identities allow people, machines, apps and service providers to be sure that the entities they interact with are who they say they are. Digital identities also allow systems to monitor activity and determine which entities are taking which actions.
Because of their importance to the digital world, digital identities are a major concern for organizations today. A study for the Identity Defined Security Alliance found that more than half of organizations (51%) see managing and securing digital identifications as one of their top three priorities.[1]
There are multiple types of digital identities—not only for people, but also for devices, services and other digital entities.
Human digital identities are the digital identities that correspond to human users in a system.
A human digital identity might include information such as age, driver’s license, Social Security number or biometric data such as fingerprints and facial recognition scans. Humans use their digital IDs to access digital resources, such as logging in to a bank account online or retrieving sensitive assets on a corporate network.
Machine identities correspond to nonhuman entities such as apps, bots, Internet of Things (IoT) nodes and other devices. They often use unique identifiers such as certificates or tokens to authenticate and distinguish themselves.
Just like a human user’s digital ID, a machine’s digital ID allows it to access certain digital resources, such as a business app fetching sensitive data from a cloud database.
Federated identities enable individuals to use their digital identities across multiple systems and services.
Federated identities are essentially a type of user or machine identity that is not limited to one system. They give the user the added convenience of not needing to create a different identity for each system. Interoperability—a standards-based approach to enabling different IT systems to exchange data—helps enable identity federation.
Digital identities play a key role in the identity and access management (IAM) systems that enterprise organizations use to enforce cybersecurity measures and control user access to digital resources.
When a new user needs access to a system—a new employee on a company network or a new server in a data center—the user must establish a distinct digital identity in that system. The IAM system then uses these distinct digital IDs to monitor user activity and apply tailored permissions.
When a user requests access to a digital asset, they must authenticate themselves with the IAM system. Authentication entails submitting some credentials—such as a username and password, date of birth or digital certificate—to prove the user is who they claim to be. For extra security, some IAM systems might use multifactor authentication (MFA), which requires users to provide more than one authentication factor to prove their identities.
When the user passes authentication, the IAM system checks the permissions associated with their unique digital identity and grants only those approved permissions. In this way, IAM systems keep out hackers while helping ensure that each individual user has the exact permissions they need for their tasks.
In a single sign-on (SSO) system, a user can use one digital identity to access multiple apps and online services. The SSO portal authenticates the user and generates a certificate or token that acts as a security key for various interconnected resources.
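The flow described in the preceding paragraphs (authenticate once at a portal, receive a token, have each resource verify it and grant only the identity's approved permissions) is sketched here as an added example that is not part of the original article. The HMAC-signed token format, the shared key, the user record and the permission names are constructed assumptions; production SSO typically relies on standards such as SAML or OpenID Connect.

```python
import base64, hashlib, hmac, json, time

# All values below are constructed for illustration.
PORTAL_KEY = b"constructed-demo-key"   # assumption: portal and resources share it
SALT = b"constructed-salt"

def pw_hash(password, salt=SALT):
    # Store a slow salted hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

USERS = {"alice": pw_hash("correct horse battery staple")}
PERMISSIONS = {"alice": {"payroll:read", "wiki:read", "wiki:write"}}

def sign(payload):
    mac = hmac.new(PORTAL_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def sso_login(username, password, now=None, ttl=300):
    """Portal side: authenticate once, then issue a signed, expiring token."""
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, pw_hash(password)):
        return None
    now = time.time() if now is None else now
    claims = json.dumps({"sub": username, "exp": now + ttl}, sort_keys=True)
    payload = base64.urlsafe_b64encode(claims.encode()).decode()
    return payload + "." + sign(payload)

def authorize(token, permission, now=None):
    """Resource side: check signature, then expiry, then the permission."""
    try:
        payload, signature = token.split(".")
        # Constant-time comparison; reject before parsing untrusted claims.
        if not hmac.compare_digest(sign(payload).encode(), signature.encode()):
            return False
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (AttributeError, ValueError):
        return False  # malformed or missing token
    now = time.time() if now is None else now
    if now >= claims["exp"]:
        return False  # time-limited credential has expired
    # Grant only what is approved for this identity (least privilege).
    return permission in PERMISSIONS.get(claims["sub"], set())

if __name__ == "__main__":
    token = sso_login("alice", "correct horse battery staple")
    for perm in ("wiki:write", "payroll:write"):
        print(perm, "->", authorize(token, perm))
```

The resource never sees the password: it trusts the token only because the signature verifies and the expiry has not passed, which is why the signing key and the token lifetime are the settings to protect and tune.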
Digital identities help protect computer systems from threat actors, fraud, identity theft and other unauthorized activities.
According to the X-Force Threat Intelligence Index, the theft of valid accounts is the most common way that cybercriminals break into victim environments, accounting for 30% of all incidents.
Digital identities can help close vulnerabilities in the identity layer and strengthen data protections against identity-based attacks in a few ways.
Digital identities make it easier for organizations to track user activity. Not only can they distinguish between authorized and unauthorized users, but they can also spot suspicious behavior associated with authorized users’ digital identities, which can signal an account takeover in progress.
Extra measures, such as MFA and time-based credentials, can also help safeguard digital identities from being stolen or misused. These added layers of security can help drive revenue rather than drain budget. An IBM Institute for Business Value study found that 66% of operations executives view cybersecurity as a revenue enabler.
Trust is key to enabling collaborative workflows among internal staff, customers, service providers and external partners. A strong digital identity management system helps users trust that the people, machines and services they connect with are authentic and reliable.
Artificial intelligence (AI) can help speed up digital identity verification processes by analyzing huge datasets of digital identifiers, such as facial features, fingerprints or retina scans. This helps streamline and strengthen identity verification, further promoting trust within computer systems.
Public and private sector organizations must often follow data privacy mandates such as the General Data Protection Regulation (GDPR) or the Payment Card Industry Data Security Standard (PCI DSS).
IAM systems based on trusted digital identities can help organizations ensure that only authorized users can access sensitive information. IAM systems can also record audit trails to help companies prove compliance or pinpoint violations as needed.
Part of the power of cloud services is that they can be accessed from almost anywhere. But strong identity verification processes are required to prevent unauthorized and fraudulent access.
With the rise of remote work and cloud computing, users are increasingly distributed, and so are the resources that they need to access. A verified digital identity can substitute for—and offer as much security as—swiping a chipped ID card on site or showing a driver's license or passport.
Some decentralized digital identity systems allow users to create their own portable digital identities and store them in digital wallets. Such ecosystems give identity control to the individual and take the onus of managing the identities off service providers. To verify users’ digital identities, organizations can check their credentials against a shared trust registry.
There is a vast array of use cases for digital identities across industries, with many supporting how users and applications interact with cloud resources.
Governments often use digital credentials to streamline and secure the delivery of government services. Secure digital identities enable citizens to verify themselves so they can collect benefits and file taxes, and governments can trust that these citizens are who they say they are.
Digital identities enable patients to securely share health data with their providers, making it faster and easier to get multiple opinions before determining a medical treatment plan.
Providers can use digital identity solutions to verify insurance coverage, monitor health devices and help comply with rules such as the Health Insurance Portability and Accountability Act (HIPAA).
Digital identities enable sellers to deliver better customer experiences tailored to individual users based on their personal data.
For example, digital identity systems enable customers to store payment data for later purchases, while retailers can use the order history associated with unique identifiers to generate personalized recommendations.