Digital Identity
What is Digital Identity?
Digital Identity: The combination of identifiers, credentials, and attributes that represents a person, organization, or device in online systems.
A digital identity is the set of data that an information system uses to recognize, authenticate, and authorize a subject — typically a person, organization, device, or service. It includes identifiers such as email addresses, usernames, customer IDs, or DIDs, credentials like passwords, certificates, or passkeys, and attributes such as roles, entitlements, age, or affiliations. Digital identities are governed by lifecycle processes — provisioning, authentication, authorization, audit, and de-provisioning — and increasingly by privacy regulations like GDPR and eIDAS that require minimization, consent, and clear retention rules. Modern designs favour federated identity, passwordless authentication with passkeys, decentralized identifiers, and verifiable credentials over siloed account stores.
● Examples
- 01. A corporate identity in Azure AD comprising a user object, group memberships, MFA factors, and device posture.
- 02. A citizen profile in a national eID scheme used to sign documents and access public services.
● Frequently asked questions
What is Digital Identity?
The combination of identifiers, credentials, and attributes that represents a person, organization, or device in online systems. It belongs to the Identity & Access category of cybersecurity.
How do you protect a Digital Identity?
Defences for digital identities typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Digital Identity?
Common alternative names include: Online identity, Electronic identity.
● Related terms
- identity-access, № 292
Decentralized Identifier (DID)
A W3C-standard identifier that a subject controls directly, independent of any centralized registry, and that resolves to a document containing cryptographic key material.
- identity-access, № 1200
Verifiable Credential
A tamper-evident, cryptographically signed statement issued by one party about a subject, expressed in the W3C Verifiable Credentials Data Model.
- identity-access, № 1005
Self-Sovereign Identity (SSI)
An identity model in which individuals or organizations hold and present their own credentials directly, without relying on a central identity provider.
- identity-access, № 793
Passkey
A phishing-resistant FIDO2/WebAuthn credential: a device-bound or syncable asymmetric key pair that replaces passwords with a cryptographic challenge-response.
- identity-access, № 1247
Workforce Identity
The identities, credentials, and access rights of an organization's employees, contractors, and internal services, as opposed to customer identity.