Videos

Check out a new approach to Access Modeling that enables automation, scalability, and optimization of resources while providing a complete solution to managing access across the enterprise.

This session will show you how our presenters leveraged a cloud based risk assessment service to make their MFA smarter without interrupting the normal end user experience.

The talk aims at simplifying the complexities around the FIDO protocol and how to leverage it in practice to achieve stronger authentication.

This session will review the main browser changes that have affected identity over the last few years – Chrome’s SameSite and Safari’s ITP2 in particular, interpreting them as part of a larger trend and attempting to predict the future.

This talk is targeted toward a more technical audience. Outline: •What is OPA •What Problems does it solve? •How can OPA be used in a Policy-Based Access Control architecture •Example live demo use cases.

This has a more technical focus, including discussion of enabling 802.1x, rebuilding a directory service, adding MFA and FIDO credential, and changing customer and partner IAM systems.

Leslie shares her experience implementing RBAC in a fast-moving SaaS company and offers tips and tricks to help you plan and execute your own RBAC transition. This talk is process-focused and platform-neutral.

Mastercard seeks to lead the creation of a collaborative user centric new trust ecosystem, to allow all types of digital interactions, where user data will be verified in a secure and privacy-sensitive way.

Jon Lehtinen shares his experiences testing several DNS architectures, and highlights how different resolution methods, failover policies, and other seemingly inconsequential components greatly impact how instantaneous- or not- your failover can be.

In this session, you will learn about the key technical challenges in creating decentralized identifier/PKI systems, how we designed the Sidetree protocol to solve them, and understand how to use ION (an instantiation of Sidetree running on Bitcoin)

This session outlines the conceptual architecture and approaches how PayPal is leveraging industry-leading standards (OAuth/SAML/SCIM/GraphQL) to create various integration pattern

Workday Credentials was announced at Workday Rising in October of 2019, offering individuals a way to share, hold and receive blockchain backed W3C compliant verifiable credentials and establish a decentralized corporate identity.

In the Decentralized Identity model, the identifiers by which actors are known or related metadata are sometimes resolvable against a Decentralized Ledger Technology (DLT).

Join our expert panel for an in-depth discussion of the challenges and pitfalls of handling strong authentication at large scale – and an exploration of possible solutions.

This session will discuss real-world experiences in creating a more-robust, identity-centric IAM program and helping sell that program to the C-suite in terms that go beyond compliance and how those minor changes have helped organizational leaders.

Learn how to reproduce an issue with some readily available tools and investigate key elements of federation protocol messages. SAML, OAuth, and OpenID Connect scenarios will be covered. Issues to troubleshoot will include time synchronization issues

will also tackle the challenges most organizations face meeting these requirements and provide a worked example to help organizations document their identity proofing processes and requirements as prescribed by the NIST standards.

This talk will explain the role of digital identity in free and democratic elections. It will introduce the term Maskirovka – Russian military deception – and give examples of information operations, including deep fakes and disinformation.

Digital economies need digital identity, as does true service transformation. This talk will discuss how to do this at a national or international scale without creating a mechanism for an attack.

This presentation will set out a vision and unique opportunity for the Identity profession to apply itself to building the critical infostructure of the Digital Economy.

Understand why identity networks matter – Elements of identity networks – Identity network example architectures – Requirements of an identity network – Comparison of identity network approaches – Advice to consider when choosing an identity

Get an understanding the trade-offs of mechanisms for 2FA recovery (like government ID verification, forced waiting periods, security questions) and debating the value of recovery tokens.

Customer Identity and Access Management means different things to different people. It rarely comes as a greenfield opportunity in established financial services firms. A successful strategy thus needs to manage expectations (and politics).

In this session, we will explore trends in the customer authentication threat landscape and their impacts. We will talk about how customers feel about the perceived increase in security hurdles.

This session will highlight key architecture how General Motors decided on leveraging a Customer IAM platform as the core element in building a common set user experiences across all of its customer touch-points, including web, mobile and in-vehicle

This talk will define a set of identity “vectors” that can be used to provide better user experiences across the full life-cycle of user identity and service interactions.

This session will present an implementation strategy for deploying OAuth 2.0 and OpenID Connect for Single Page Applications (SPAs) by leveraging a secure server backend.

This session will review the main browser changes that have affected identity over the last few years – Chrome’s SameSite and Safari’s ITP2 in particular, interpreting them as part of a larger trend and attempting to predict the future.

Digital economies need digital identity, as does true service transformation. This talk will discuss how to do this at a national or international scale without creating a mechanism for an attack.

In this presentation, you’ll learn approaches to quickly onboard the next generation of services by engaging the developer ecosystem.

This session is a hands-on approach to identity management in Kubernetes. This session will walk users through integrating Active Directory via OpenID Connect, enabling the audit log, debugging RBAC policies and finally enabling and configuring pod s

See this session to learn the basis of modern identity development and be better equipped to understand and participate to more advanced developer themed sessions, at Identiverse and beyond.

Open Banking is becoming the front line of the data economy in our era. It is seen as a field that fosters new industry that many governments are requiring the implementation of secure but usable APIs as part of their economic growth policy packages.

To truly solve the Travel Rule at a global scale, we propose the use of a consortium trust network arrangement for VASPs to exchange signed claims about subjects and their public-key information. Check this presentation to find out how.

As technologists when technology won’t solve all our problems how do we step out of our comfort zone to truly make a step change for how customers engage with the banking industry in New Zealand.

This session will detail the important lessons from a user experience perspective, cover the efforts being made to remediate existing problems, and make recommendations for Open Banking’s implementation in emerging markets, like the USA.

This session will explain how broken the healthcare identity process can be, what some health systems and payers are doing to improve it and where the healthcare sector will be (should be) in the coming years

As organizations continue to deal with the harm these breaches have caused, there appears to be little hope on the horizon to secure healthcare data.

This talk will address real-world considerations when providing solutions for this important and often-untapped user population.

In this session, you will learn about the current state of identity security and how more collaborative identity solutions touch every aspect of the digital economy.

The majority of modern mobile devices now have built in secure key stores with biometric protection, and these are used to great effect to create secure native mobile applications with slick authentication.

This talk will outline our research on smart car alarms, solar inverters, car chargers and watches showing critical systemic IoT flaws that allowed trivial access to hundreds of millions of devices.

Capital One’s award-winning mobile app, and will share their insights on biometrics. We will share what we have learned, the pitfalls to avoid, and how to create a great, secure user experience.

Look at technologies and protocols like the Device Provisioning Protocol (DPP) which simplifies provisioning for end-users and enterprise administrators as well as provides a persistent, cryptographically backed device identity to the network.

As the value of enterprise data increases, so too do the risks to the enterprise, to the individual, and to the industry. Do you as an identity, privacy, or security professional know how to recognize those risks, let alone mitigate them?

In this session, Kathryn Harrison, CEO of DeepTrust Alliance will discuss the advent of deepfakes (AI generated videos, audio, text) and their impact on digital trust.

This session will provide insight on what to consider when planning to enable folks to share attributes of their identity, and will use a few scenarios to discuss controls that can be put in place.

This session explores a few different schools of thought around the pros and cons of user-owned data and alternatives for the future of ethical data privacy.

Transparent. Seamless. Secure. Helpful. Easy. All things organizations strive for in terms of user experience. But what about the enterprise teams that work behind the scenes to make this digital experience better?

This session will dive into the identity-related portions of the CCPA regulations, outlining how CCPA has made compromised passwords more valuable.

For this session, you will hear the UX Design Lead, Lead Business Analyst and Identity Architect from a product team of a global identity and security company discuss the complex dance of how to design and build a product with designed-in privacy.

Many people seem to believe that having their customers pressing “Agree” button is good enough to collect their “consent”. That’s actually not the case.

Tech companies and departments with gender diversity are more likely to stay on schedule, under budget, and have improved employee performance and satisfaction. Gender-diverse teams and business units have higher revenues and profits. Learn more.

Steve “Hutch” Hutchinson and Mike Kiser have both started IAM user groups in their city and, with a little help from Clooney & Pitt, will provide you with a blueprint for something no less ambitious than ripping off three casinos.

In this session, with an identity management principal architect, we’ll cover the basics of what makes a good diagram,

Developing an identity startup? Looking for your next round of funding? This session provides information for identity startup founders and teams on how they can raise capital for their business.

The future of the standards and services we build is unwritten. We are curious about the future because we shape it. But from the works of our hands to a world 10 years hence is an unknown path.

Women occupy less than 15% of executive roles in the technology sector according to the U.S. Bureau of Labor Statistics. This keynote will focus on how to cultivate and advance diversity by including women and people of color into upward career paths

Knowing what skills you need to become an identity practitioner isn’t obvious. Picking which technical and nontechnical skills you need to strengthen isn’t a straightforward choice. To get clarity you need to hear from other people who’ve been there.

In the last two years, the war for the hearts, minds, and wallets attached to a humans' digital identity has set the stage for open warfare in 2020 and beyond by organizations and industries.

In this nerve-wracking session, through live demos of current attack methods you’ll gain a deeper understanding of the criminals’ “tools of the trade,” where the weakest links in identity systems are & how best to break the kill-chain for each step.

The ability to keep data encrypted while in use for computations in the cloud could protect data from attackers and malicious insiders alike. This session introduces homomorphic encryption: the concept, the advantages, the challenges, the ground real

Do you have a plan to drag your legacy apps into the 21st century? How will you modernize them so they’re protected with identity-based security rather than relying on legacy security protocols?

This session draws on three real-world customer scenarios to demonstrate how to navigate this challenging transition. We’ll see how cloud deployments leverage standards and technologies – including SAML, OAuth, MFA, PIM/PAM, and authentication.

In this informative session, learn how you can secure your vault and make your PAM system an effective pillar of your security infrastructure.

Your mission, should you choose to accept it, is to see how the M:I series has some pretty interesting lessons on how to do identity-based security right (or wrong).

Join this panel of experts to hear their differing perspectives on OAuth innovation and how its next wave(s) of iteration must proceed for success.

Consensus is coalescing around what the general user experience of a true identity-centric technological ecosystem ought to be – intuitive and friendly, task appropriate levels of friction, user control and ownership of PII.

In this fast-paced talk, NIST Digital Identity Guidelines co-author Justin Richer will walk through how we got into this password mess and what we can do it about it.

Get a peek under the hood of the data science and how behavioral analytics, machine learning and other risk signals can be used to design high-quality identity compromise detection algorithms working in real-time.

In this talk, we’ll discuss a practical approach to threat modeling with a focus on your identity infrastructure.

his presentation will explore what’s new in zero trust and what is just a repackaging of existing tools and processes to help organizations develop an appropriate strategy for enhancing their cyber security.

Modern architectures are becoming more distributed and fractured. How can developers continue to develop and build what they understand without having to become identity experts? How can they do that and ensure that their applications remain secure?

Learn how credential stuffing attacks work, what effect they can have on your company, and how you can fight back.

As consent and user-managed access controls become more widespread, so the line between business logic and policy becomes even more blurred. See some of the reasons for the low acceptance of this policy, and examine how the line can be more defined.

This session will arm you with the knowledge you need to transform your identity practice into a modern program capable of delivering enterprise and consumer identity solutions that are agile and adaptable enough to support new business initiatives.

Learn of the core benefits of bringing all applications under one integrated identity platform -Learn about the different integration pathways available to bring all your applications under one IDP and some of the common best practices to follow.

During the session, we’ll walk you through the available Azure AD tools and features to help you discover and reconfigure your AD FS apps as well as some best practices to ensure a smooth migration for all your users.

This session will demystify Zero Trust and dive into steps to start your zero trust journey.

Come learn how analytics can help you: •drive user productivity through automatically granting access to SaaS applications based on usage patterns •drive better recommendations and automation for reviewers who periodically review access •programmatic

This session equips you with clear, best practices for enterprise workforce Identity and Access Controls, a framework for calculating and building a business case for increased productivity, agility, and security, for your evolving workforce needs.

This session will arm you with a powerful conversation to have with your business that will convey the value of customer identity and raise your status within your organization.

In this session, we’ll tackle questions around passwordless transformation (and more) in order to help you navigate the critical decisions you’ll need to make as you embark on your passwordless journey.

Hear from a panel of experts who discuss how to modernize IAM with PBAC for robust access control, entitlement management and more.

You will walk away with a framework for implementing modernized access control -Understand the different methods of Access Control that companies are standardizing on, and how to choose the right path for your company.

Within this session we will look at how identity security specialists ProofID helped Mazars modernise their identity platform, bringing identity governance, single sign on, access management and multi-factor authentication to the Mazars team.

This session will talk about how a federated identity and directory service was used to meet this requirement.

This presentation will discuss how they enabled authentication in a zero trust environment by following the principles of least privilege.

Watch this identity journey on how AI/ML technologies are integral to their strategy, how the integration of systems and process changes was significant in their process, and the efficiencies they’ll gain with a cloud-first identity program.

Join us for this webcast to learn how Jefferies and Simeio Solutions kickstarted Jefferies IAM program with Simeio Identity Orchestrator with Sudhi Rao.

The OAuth 2.0 protocol has been successful across the internet, but it has many shortcomings. Learn how we are building the next generation identity and security protocols that could lay the groundwork for the next decade of internet security.

This session dives into what Bearer Tokens are, how they work, and how they can augment or replace existing API protection mechanisms such as bearer access tokens and cookies.

This session will provide an overview of Self-sovereign Identity a philosophy and bring the audience up-to-speed on what is happening in the space including Demo of such implementations.

This presentation will describe progress implementing and deploying OpenID Connect Federation, upcoming interop events and results, and next steps to complete the specification and foster production deployments.

Alex will share his thoughts on the importance of Open Standards, and some areas of amazing recent progress. Additionally, he will discuss a few emerging areas and the opportunity they present for enhancing user security.

This session will draw on the experiences of organizations that are successfully using FIDO today to help you develop the strategies and best practices to take full advantage of this ground-breaking technology.

Explore proof-of-possession in OAuth and endeavor to equip you with the knowledge to discern fact from fiction when it comes to cryptographic defenses against the use of stolen OAuth tokens.

In this talk we’ll dive into how identity professionals can use SCIM to accelerate their identity deployments and increase application coverage.

This session provides an update on FIDO adoption, what has changed in the last year, and how the Alliance has positioned FIDO for adoption at scale.

This talk will explore a mechanism that allows for the external authorization model to remain simple for developers while providing a multi-level (coarse-grained to fine-grained) authorization model internally.

Success stories that demonstrate the value of UX research for your teams and discuss practical ways to keep the humans of the enterprise as a central focus of your development and deployment lifecycle so you get the business outcome you want.

Take away from the session will be insights into EA’s learning on player identity and a compilation of best practices that can be considered for user authentication experience in general.

This talk will cover approaches for organizations to create customized, branded experiences where customers and partners can ‘bring their own identity’. We will also highlight considerations for managing the lifecycle of all users.

This presentation will show how the widespread use of eID in the Nordics is making life simpler and more secure for users. While the service providers will receive verified credentials for their clients, which also gives opportunity for new services.

Your ToDo List for improving user experience, based on current industry recommendations. We owe it to society to protect end users and their data, and build trust. Cost-effective and user-friendly identity experiences are the ultimate goal.

Technology can only be as good as the ones designing it, and we should do better.

This panel will discuss where we’ve made progress in digital identity and where we still have problems – and discuss what might happen next in the year ahead.

You own and control your thoughts, your words and your actions. But in a modern society that’s intent on verifying everything, where your movements impact the health of others, what do you really control?

Alex will share his thoughts on the importance of Open Standards, and some areas of amazing recent progress. Additionally, he will discuss a few emerging areas and the opportunity they present for enhancing user security.

Back by popular demand, our panel of senior security leaders discusses critical topics in security and identity, and looks to what the future might hold.

Dealing with identity – authoritative, verified, or just plain account-oriented – at consumer/citizen scale is not easy. Delivering an improved user experience at scale, while still ensuring appropriate security and privacy safeguards, is a major cha