Managing identity at scale is critical for healthcare enterprises balancing security, compliance, and user experience. UnitedHealth Group exemplifies this challenge, handling over 1.5 billion annual logins across employer portals, provider networks, and member apps, all under HIPAA, HITRUST, and PCI-DSS compliance. This proposal explores the rollout of a unified login solution powered by adaptive multi-factor authentication (MFA) and behavioral biometrics. The framework delivers real-time fraud detection using 200+ device signals and 150+ risk attributes, achieving a 94% reduction in account takeover (ATO) incidents. Seamless single sign-on (SSO) with step-up authentication spans 400+ commercial portals (web, mobile, API), supporting zero-downtime migration for 120M+ active users. Key design principles include operationalizing MFA for frictionless risk scoring, achieving sub-2-second authentication with 99.99% uptime, and ensuring scalability across B2B/B2C healthcare ecosystems. By integrating advanced identity technologies with compliance-driven practices, this approach demonstrates how digital identity can drive trust, security, and business growth in regulated environments. The session provides actionable insights for enterprises seeking to unify identity management while enhancing user experience and mitigating fraud at scale.

Goal Achieved: Consolidated Credential validation & 2 Risk Based AuthN to one for both B2B and B2C experiences
MFA – What you Know, you Have, and Who you Are