May 26, 2026

The Next Generation of Enterprise Access Management: Why Passwordless Is Just the Beginning

By the Imprivata editorial team
Person using a laptop with secure login facial recognition and encrypted data stream interface

How healthcare organizations are adopting passwordless authentication, adaptive access, and Zero Trust security

Healthcare organizations are under increasing pressure to improve both cybersecurity and clinical efficiency—but traditional authentication methods continue to create friction.

In our recent webinar, “The next generation of Imprivata Enterprise Access Management,” Sean Kelly and Chip Hughes explored how leading health systems are moving toward passwordless authentication, adaptive access, and Zero Trust security models to close this gap.

You can watch the on-demand webinar here to hear the full discussion.

The takeaway is clear: The future of Enterprise Access Management (EAM) is frictionless, passwordless, and context-aware.

Why password-based security fails in healthcare

Healthcare environments demand speed. But traditional login workflows slow clinicians down—and when that happens, security breaks down.

If security slows clinicians down, they will find a way around it—every time.

— Sean Kelly

This leads to:

  • Shared credentials
  • Unattended sessions
  • Increased insider risk

That’s why organizations are shifting to passwordless authentication solutions that eliminate login friction while improving security.

Solutions like enable clinicians to authenticate quickly using badges, biometrics, or mobile methods—without relying on passwords.

Passwordless authentication requires stronger identity security

Moving to passwordless doesn’t reduce risk—it changes where risk lives.

It’s not just about enabling access—it’s about ensuring only the right identities can use those mechanisms.

— Chip Hughes

Modern Enterprise Access Management solutions must include:

  • Identity verification during enrollment
  • Credential governance and policy enforcement
  • Protection against unauthorized devices and badge types

For example, attendees asked whether organizations can restrict third-party badges or unsupported RFID credentials. The answer: yes—through policy controls that define which credentials are allowed.

Passwordless authentication must be paired with strong identity assurance.

Adaptive authentication: the shift to risk-based access

The biggest evolution discussed was the move from static authentication to adaptive, risk-based access control.

Instead of treating every login the same, modern systems evaluate:

  • User identity
  • Device trust
  • Location and behavior
  • Real-time risk signals

This enables:

  • Faster access in low-risk scenarios
  • Step-up authentication when needed
  • Continuous verification aligned to Zero Trust

This model is a core component of , which combines authentication, identity verification, and risk analytics into a unified access strategy.

You can watch the on-demand webinar here to see how these concepts were discussed in real-world healthcare scenarios.

Managing identity and access complexity in healthcare

Healthcare IT environments are becoming more complex due to:

  • Shared and roaming workstations
  • Multiple authentication methods (badges, biometrics, mobile, passkeys)
  • Third-party users and devices

Fragmented tools can’t keep up.

The webinar reinforced the need for a unified Enterprise Access Management platform that:

  • Centralizes authentication and identity management
  • Applies consistent access policies
  • Reduces operational complexity

Why workflow-driven security matters

Security solutions must align with clinical workflows—not disrupt them.

You can’t bolt security onto a clinical workflow after the fact—it has to be designed together.

— Sean Kelly

In healthcare, effective access management solutions must:

  • Support fast user switching
  • Minimize repeated logins
  • Enable secure access in shared environments

This is where passwordless and proximity-based authentication deliver real impact—by embedding security directly into clinician workflows.

The future of Enterprise Access Management (EAM)

The next generation of EAM is defined by:

  • Passwordless authentication (badges, biometrics, passkeys)
  • Phishing-resistant authentication methods
  • Identity verification and credential governance
  • Adaptive, risk-based access control
  • Unified access across users, devices, and applications

Together, these capabilities enable a Zero Trust approach to access—where trust is continuously evaluated, not assumed.

Final takeaway

Passwordless is the foundation—but adaptive, identity-driven access is the future.

Healthcare organizations that adopt this model will:

  • Improve clinician productivity
  • Reduce security risk
  • Eliminate authentication friction

And most importantly, they’ll align security with how care is actually delivered.

You are currently browsing

Product availability varies by region. Would you like to choose a different region?

No thank you, I'd like to continue