This autumn, IDPro launched a four-part series on Continuous Identity—a term that’s quickly becoming central to how modern IAM teams think about trust, automation, and risk. Our first session focused on the part that quietly makes everything else possible: Data.
You can’t manage IAM at the speeds required today without good data. Sean O’Dell and Andrew Cameron kicked off the series by making it very clear that if your data is a mess, nothing else will work.
Why data comes first
Identity teams today ingest an overwhelming number of signals, including authentication events, device posture, network behavior, location anomalies, entitlement usage, and more. In theory, this should enable adaptive, continuous identity management. Alas, in practice, it’s often noise.
Session 1 focused on how to turn that noise into a living, contextual identity profile that organizations can trust. The more data you pull in, the more effort it takes to clean, transform, normalize, and verify it. Without a structured approach, real-time signals (and we do love Shared Signals!) can’t be used meaningfully for security or access decisions.
This isn’t a tooling problem as much as it is a data hygiene problem. Continuous identity, according to both Sean and Andrew, only works when the inputs are clean.
The identity fabric: a layered model
To frame the conversation, Andrew and Sean described a fabric-based model for workforce identity, one that organizes real-time signals into a structure IAM teams can build on.
The architecture discussed follows five major layers:
- Workforce Identity Data Platform (Core) – Aggregates identity signals and applies transformations, normalization, and verification.
- Identity Fabric / Continuous Ingest & Analysis – Ensures signals are captured as they happen.
- Functional Plane – Implements standards such as Shared Signals and identity verification workflows.
- Orchestration Layer (Signal Plane)- Translates, routes, and processes signals for policy-driven decisions.
- Action Plane – Executes access changes, risk responses, and lifecycle updates.
If verification at the ingest stage is weak, every downstream decision is compromised.
Garbage in, garbage out.
Data models and identity graphs
One of the biggest takeaways from the session for me was the shift from making decisions only at admin-time or run-time to using analytical and operational graphs that inform decisions continuously.
That requires structuring identity data into interconnected models, such as:
- Enterprise Graphs — capturing relationships, teams, and reporting structures
- Identity Graphs — tracking authentication events, account lifecycles, and risk
- Entitlements Graphs — mapping access rights and whether they’re used
- Shared Signals Graphs — enabling bidirectional trust updates between systems
These graphs form the context layer that continuous identity depends on.
While I’m sure we’re going to discuss this in more detail in the next few webinars, here’s a sneak preview of what we’ll hear: The orchestration hub and the data platform should remain separate. Blending them increases the risk of operational bottlenecks and muddies the clarity of responsibility between “understanding identity” and “acting on identity.”
The road ahead
Session 1 set the stage for what’s coming in the next three parts of the series: orchestration, decisioning, and automation. But the foundation—data—cannot be skipped or assumed.
Clean data isn’t glamorous work, but it is the most strategic investment an identity program can make. Without it, continuous identity is just an aspiration.
With it, continuous identity becomes the natural next step in modern IAM.
Stay tuned for Part 2 on Orchestration.
Disclaimer: The views expressed in the content are solely those of the author and do not necessarily reflect the views of the IDPro organization.
Author:
Heather Flanagan, is the Principal at Spherical Cow Consulting, where she helps organizations navigate the fast-moving world of digital identity and Internet standards. With more than 15 years of experience translating complex technical concepts into clear, actionable strategy, Heather is known for her ability to bridge communities, guide collaborative work, and make standards development a little less intimidating.
Named to the 2025 Okta Identity 25 as one of the top thought leaders in digital identity, Heather is also a regular speaker and writer, focusing on standards, governance, and the real-world challenges of identity implementation. If there’s work underway to shape the future of identity or rethink how the Internet functions, she’s probably in the middle of it.
