In general terms, Identity Management can be defined as the management of individuals' digital identities within an organization, whether a company, a city or an entire country. Recognizing a person's identity goes hand in hand with assigning that person one or more roles within the organization, a key issue in both a social and a working context. In the modern IT world, with the proliferation of applications, each with its own user IDs, passwords, databases and accounts, a general and centralized approach is needed. Such an approach makes it possible to achieve two main objectives:
- Certain and unique recognition of the person attempting access, with clearly defined roles and attributes;
- Simplification of access, without neglecting any aspect of security.
Identity Management is a relatively recent IT discipline that aims to define and automate the mechanisms governing the creation, evolution and termination of workers' digital identities.
The IdM (Identity Management) tools include:
- Password management tools;
- User provisioning and deprovisioning;
- User access centralization;
- Single-Sign-On systems;
- Role and authorization management;
- Management of authorization (approval) processes.
It goes without saying that the IT tool exists to automate a well-designed organizational process. Without a clear picture of how resources and responsibilities are organized, IT tools can only partly solve identity management problems.
How can digital identity management systems bring improvements? With the growth of e-commerce and the spread of mobile systems and web-based applications, the workstation has become almost an abstraction: there is hardly any fixed link between the client that uses an application and the user behind it. Users have (or rather claim the right to have) the possibility of connecting to corporate resources from the most varied devices: smartphones, tablets and personal PCs, running the most disparate operating systems. User recognition, accounting and the protection of digital identities therefore play a fundamental role. Beyond legal issues and compliance with ITIL and security best practices, IdM tools bring undeniable practical benefits; consider Self Service Password Reset systems. Over 70% of help desk calls concern password resets, and the difficult task for operators is always the same: gaining reasonable certainty that the user for whom assistance is requested is actually the person calling. Automated password reset systems, backed by reliable identification mechanisms, bring real savings in time and resources.
Generally, each new application brings with it its own database of users and roles, resulting in a proliferation of accounts and passwords, each with different complexity criteria and expiration times. Simply reaching the payroll web application can become a real nightmare, between PC passwords, network passwords and application passwords. A sound IdM system allows the company to centralize password management as far as possible, granting access to most resources with a single authentication (SSO), or at least synchronizing credentials on systems that do not support SSO.
Single-Sign-On is both a blessing and a curse for IT administrators: on the one hand, a single account makes life easier for users and administrators alike. On the other hand, compromise of that one account could grant access to a multitude of resources and information, including the most sensitive.
It goes without saying that such access must be protected from tampering by every available means.
Modern IdM systems generally consist of four main elements:
- A central store containing all digital identities;
- A single tool for managing the account life cycle (creation, modification, privilege assignment, deletion, etc.);
- A system that manages access and authentication (and thus enforces policies);
- An auditing system that makes it possible to reconstruct the sequence of events and detect any deviation from policy.
It is rare to discuss Identity Management without also touching on Access Management; indeed, the term most frequently used in this field is not so much IdM as IAM (Identity and Access Management). A strict identity policy must be accompanied by equally effective access management, especially where Single-Sign-On is involved.
Access and authentication mechanisms must be proportionate to the sensitivity and importance of the data they protect: one moves from a simple password policy to strong authentication systems such as tokens, OTPs (one-time passwords) and biometrics.
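The time-based OTP mentioned above is small enough to show in full. The following is an added example, not code from the original article: a TOTP generator and verifier following RFC 6238 (HMAC-SHA1 over a 30-second time counter, as RFC 4226 HOTP with a time-derived counter). The shared secret is the public RFC test-vector secret, used only so the output can be checked against the RFC; the `window` and `last_used_counter` parameters of `verify_totp` are this example's own design, chosen to show the two checks a server-side verifier needs: tolerance for clock drift and refusal of a code that has already been accepted (replay).

```python
import base64
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890"
# in base32). Public test data used for illustration only; never reuse it as a credential.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, dynamically
    truncated to a 31-bit integer and reduced to `digits` decimal digits."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    return hotp(secret_b32, at_time // step, digits)


def verify_totp(secret_b32, submitted, at_time, *, step=30, digits=6, window=1,
                last_used_counter=None):
    """Server-side verification of a submitted code.

    Returns (accepted, counter_to_record). Codes for the current time step and
    `window` steps either side are accepted, to tolerate clock drift between the
    token and the server. A counter less than or equal to `last_used_counter` is
    never accepted again, so a code captured during one login cannot be replayed
    within the window. The caller must persist the returned counter per user.
    """
    # Reject anything that is not exactly `digits` ASCII digits before comparing.
    if (len(submitted) != digits or not submitted.isascii()
            or not submitted.isdigit()):
        return False, last_used_counter
    current = at_time // step
    for delta in range(-window, window + 1):
        counter = current + delta
        if last_used_counter is not None and counter <= last_used_counter:
            continue  # replay protection: this step was already consumed
        # Constant-time comparison so a wrong digit is not detectable by timing.
        if hmac.compare_digest(hotp(secret_b32, counter, digits), submitted):
            return True, counter
    return False, last_used_counter


if __name__ == "__main__":
    now = int(time.time())
    code = totp(RFC_SECRET_B32, now)
    print("code for this step:", code, "->", verify_totp(RFC_SECRET_B32, code, now))
```

The verifier deliberately returns the counter it accepted rather than just a boolean: an IAM front end that forgets to store it will happily accept the same code twice within the drift window, which defeats the "one-time" property the paragraph relies on.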
The evolution of Cloud Computing, now a hot topic in security, has opened new scenarios for Identity Management: no longer only Software as a Service (SaaS) but also Infrastructure as a Service (IaaS). The need for corporate IT infrastructure to grow and shrink (for instance to cope with demand spikes) has led companies to rely, partially or entirely, on Cloud services. Managing digital identities in such an exposed environment takes on even greater relevance: one is no longer protected by perimeter security, and the infrastructure is consumed from the most disparate devices, which are not always under the company's control. Companies sometimes interface with dozens of Cloud service providers, who need to expose secure, cross-cutting interfaces for integration with IAM tools, so that internal authentication and authorization methods extend to all third-party providers while preserving SSO.
The security challenge in the Cloud has only just begun: it ranges from the Hybrid Cloud, in which the third-party part is simply seen as an extension of one's own IT infrastructure, to the full Cloud suite, where services, application platforms and the infrastructure itself are all hosted by providers, while the company still wants to retain management and control.