Digital identity framework

Framework overview

A comprehensive digital identity strategy includes key functions that work together to optimize user productivity, cybersecurity, and compliance. The framework provides IT and security leaders with a blueprint to support the planning process.


Governance and administration


Healthcare and government standards

Analytics and audit reports

EPCS reporting

Risk mitigation

Anomaly detection

Entitlement and attestation review and remediation

Patient safety — records de-dupe, EMPI

Identity management

Identity provider

Identity store

Directory federation


User provisioning, including non-employees

Non-human/service account provisioning

Ongoing privilege management

Mobile device management


Roles and policies

Coarse- and fine-grained authorization control

Data access policies

One identity, multiple roles

Identity assurance

Identity proofing for EPCS

Biometric patient identification

Authentication and access

Multifactor authentication

Remote access


Clinical workflow authentication

Risk-based and adaptive authentication

Single sign-on

Cloud apps

Legacy apps

Mobile apps

Access control

Clinical/virtual desktops

Shared mobile devices

Medical devices



Password management


Patient self check-in

Choose an Imprivata product to explore in the framework

plus sign

Select all

reset sign


Identity governance

Identity Governance and Administration

Mobile IAM

Mobile Access and Control

Single sign-on

Enterprise Access Management (SSO)

Multifactor authentication

Enterprise Access Management (MFA)

Patient identification

Biometric Patient Identity

Risk analytics and intelligence

Digital Identity Intelligence

Privileged access management

Imprivata Privileged Access Management

Vendor privileged access management

Vendor Privileged Access Management

Customer Privileged Access Management


Identity is the foundation of modern security

Many organizations use digital identities to authenticate and authorize user access, and control and audit their actions. For this reason, a well architected digital identity strategy is one of the most business critical solutions today.

Digital identity stock

Governance and administration

Identity governance and administration is a key element of every digital identity strategy and includes preparing for compliance requirements. Here, you’ll need to identify the standards with which your organization will comply, including the reports you’ll need to do so.

To aid in this process, effective identity and access management solutions will provide dashboards to track which staff are accessing which applications. This enables you to monitor for compliance and generate audit summaries. For example, reports of activities as part of industry and/or government-adherent processes.

Image of a businessman and a doctor talking with each other

Identity management

Identity management is the function where IT and HR specify the sources of truth for your users, and plan for the provisioning and lifecycle management of human and non-human entities. This includes mobile and IoT/IoMT devices in hybrid environments.

Identity and access management solutions must integrate closely with your identity sources for a diverse set of roles, as well as the numerous applications and workflows found in today’s complex ecosystems. These solutions must also help manage risk by enabling you to adjust access entitlements based on continuous monitoring and anomaly detection, such as access to PHI/PII and controlled substances for healthcare organizations. 

Image of a doctor and a man looking at a smart tablet together


The authorization stage is where policies and access rules are built into your identity and access management system to govern which data and applications are to be accessed by which users according to their roles, rights, and responsibilities.

In many organizations, an employee can take on different roles that change from shift to shift as staff rotates. This complex environment of “one identity, multiple roles” demands appropriate authorization to access the tools needed without delay.

Image of a surgeon using a touchscreen on a medical device

Authentication and access

The final step is authentication and access, which is the execution phase. Here, users are authenticated and granted access to cloud, on-premises, and mobile applications used on a variety of endpoints.

Access control and authentication functions need to sync with user workflows to enable productivity. For healthcare organizations, this means enabling real-time patient care.

Employees use a variety of applications on a multitude of endpoints — from shared workstations to mobile and IoT/IoMT devices. Identity and access management solutions must integrate closely with these varied applications and devices to quickly authenticate and grant access to the mission-critical resources a user requires. 

Image of a lab employee using a touch screen desktop device