Increasingly, HR staff are having to deal with both external and internal identities. Have you ever wondered why the number of external identities keeps increasing and how to best deal with this new influx of identities?
This blog will give you the full story. We will explain what external identities are, the types of external identities you may encounter and why it is important to manage external identities carefully.
The difference between internal and external identities
You are probably familiar with internal identities: they are the people your organisation employs. External identities are the people who work for your organisation but are not employees, or who come from external parties with whom your organisation works.
External identities not only include freelancers and temporary employees, but also volunteers and trainees. And often it concerns employees of suppliers or service partners in the chain of which your organisation is a part. In many organisations, the number of external identities easily accounts for 20% of the total workforce.
Recording internal and external identities
Just like internal identities, external identities need access to (parts of) the organisation’s IT environment in order to carry out their role or task properly. Even if it is just a badge to enter the building or the right room. Their digital identity data is the foundation that enables access to the IT environment through your organisation’s Identity and Access Management solution.
That is why it is so important to carefully record and manage the identity data of all identities on an ongoing basis. Employee identities are likely to be recorded in the HR system, which is designed specifically for the employee lifecycle. In practice, external identities are also recorded in the HR system. But is this smart, efficient and safe?
So what is different?
GDPR laws and regulations are very clear about what identity information may or may not be recorded and processed. This is very different for internal and external identities, which can make complying with these important laws and regulations a serious challenge.
The lifecycle of an external identity can also differ considerably from that of an internal identity. An employee usually starts on the first working day of the month, and when someone leaves, it is often at the end of the month.
That is not the case with external identities. They often have to work on an ad hoc basis or start on the 15th day of the month, for example. Nor is it always clear whether an external identity still works for an organisation, as there is usually no offboarding process.
In practice, this often means that access to the IT environment for external identities is not available when it is needed, and that access is not revoked in time or at all once it is no longer being used. This is highly inefficient and often results in frantic calls, messages or emails. But more worryingly, it can cause unnecessary security risks.
Properly managing your external identities
The iD Veritas solution allows you to record and manage all of your organisation’s external identities. You can also outsource this management work to the parties you work with, such as your resourcing partner or supplier from whom the external identities originate. These organisations can record their own employee data in iD Veritas, while your organisation retains control of the external identities at all times.
iD Veritas can be connected as a source system to your organisation’s Identity and Access Management solution. This ensures that external identities are given the correct roles, rights and access through the IAM solution, just like internal identities.
How does ID Veritas help?
iD Veritas enables you to carry out the onboarding and offboarding processes for external employees in an efficient, safe and controlled way. As a result, you are in firm control of the entire lifecycle. You can achieve this in 5 steps:
- All external identities in iD Veritas.
Manually enter external identities into iD Veritas, upload a CSV overview or connect iD Veritas to your supplier’s database (via an API). This creates one central source of clean data of your organisation’s external identities - The lifecycle of external identities.
External identities join your organisation; their role or function may change over time and at a certain point, their contract ends. iD Veritas lets you manage and automate the complete lifecycle (also known as the Joiner-Mover-Leaver process) of your external identities. - Connecting to your IAM solution.
iD Veritas can be connected to any Identity and Access Management solution on the market. iD Veritas uses open standards (such as an API) to send and receive information to and from your IAM solution. Your IAM partner can handle this connection between iD Veritas and your IAM solution. If you don’t have an IAM partner, then The Identity Managers are here to help you. - Outsourcing the work to your suppliers or service partners.
You have the option of outsourcing the management of external identity data to your resourcing partners. For example, you can outsource administrative tasks such as the entry, modification and deletion of external identities. All your organisation has to do after that is validate the information that was entered. Easy and efficient! - Maintaining control and oversight.
Thanks to the security-by-design architecture and privacy-by-default functionality for the absolute separation of data, you can safely manage the identity data of your external identities. Standard functionalities such as a recertification process and extensive reporting possibilities not only put you firmly in control but enable you to demonstrate it as well. This makes it a lot easier to comply with laws and regulations.
Contact
If you would like to learn more about managing external identities with iD Veritas, please contact us at 088-9982020 or sales@id-veritas.com. We look forward to hearing from you!