Correlation is a topic that’s increasingly becoming a larger part of our conversations with customers and prospects. It’s also a subject that we think will continue to get more attention in the future.
Yet, the more we discuss correlation, the more we’ve realized that people don’t truly understand it. There’s a good deal of confusion around what correlation can do, its place within identity management and when it’s needed.
With that in mind, we decided to do a three part mini-series on correlation. Over the next three days, we’ll shine a spotlight on each of the three types of correlation to provide people with a better understanding of those technologies and how they work with identity management technology.
Today we start with identity correlation.
Identity correlation deals with a current state of accounts, giving information about the users involved in systems and applications. It reconciles and validates the proper ownership of disparate user account IDs throughout an organization, and links ownership of those user account IDs to specific individuals through the assignment of a unique identifier. Identity correlation also validates identity attributes themselves, the most important of which is the enabled or disabled state of the identity in every system.
To put it into more practical terms, identity correlation provides context to user account IDs by helping organizations link user account IDs to the individuals they represent. Some organizations use a number system, for instance, where Rachel Johnson exists in their systems as user account ID 12345. However, most use an approach where the user account ID is representative of their actual name because it’s easier for people to remember. In that scenario, Rachel Johnson would be known as user account ID RJohnson.
Another action that identity correlation handles is linking user account IDs to the access the people representing them should hold. RJohnson could exist in the HR system, Active Directory and Google Apps, the systems and applications each of her organization’s employees is required to exist in. If she’s an Accountant, she would also exist as RJohnson in QuickBooks. If RJohnson suddenly exists in HubSpot, an application only marketing employees in the organization require access to, then IT understands that they must revoke that access privilege.
The ability to show discrepancies in data is where identity correlation really shows value. If Rachel Johnson leaves her company, and RJohnson no longer exists in the HR system, but an orphaned RJohnson account still shows up in QuickBooks, it’s an indication to her organization to fix that discrepancy and remove RJohnson from QuickBooks. Another instance illustrating the need for discovering data discrepancies would be if Rachel Johnson marries and takes her spouse’s surname, becoming Rachel Bryant, her user account ID with her organization would become RBryant. If RJohnson and RBryant both exist in applications and systems, identity correlation would show that appropriate changes must be made.
How do Identity Correlation and Identity Management Work Together?
Identity management platforms should provide identity correlation. When Rachel Johnson uses RJohnson to access each of her applications or systems rather than using different unique user account IDs for each one, it’s making life easier for Rachel, but also for IT. Examining the identity correlation for Rachel Johnson is a simple, quick process for IT staff.
To learn more about all three types of correlation, download our free guidebook, Do You Need Correlation?