Many business entities, such as financial institutions, implement a multitude of business applications and each of the business applications may require that an associate (e.g., employee or the like) log-in as a means of identifying themselves as an authorized user of the business application. However, in many instances the business applications are diverse in nature, such that an associate may log-in into one application or system using one identifier and may log-in to another application using another identifier. Associates having multiple associate identifiers (e.g., user identifiers) are especially prevalent in large corporations such as worldwide enterprises in which the domains and applications are disparate. Further, large corporations have a tendency to merge with other corporations/entities and/or acquire other corporations/entities and, in doing so, assume legacy domains/applications, which, unless modified upon acquisition/merger, provide for associates to identify themselves (i.e., log-in) using legacy domain/application identifiers. For example, in the enterprise-wide financial institution example, an associate may have one identifier in the corporate domain, another identifier in for a loan/mortgage system domain/application, another identifier for an insurance system domain/application, another identifier for a credit card system domain/application and the like.
The use of multiple associate identifiers becomes problematic when trying to determine if an associate accessing one domain/application using one identifier is the same associate accessing another domain/application using another identifier. Such a need to determine associate identity, and moreover determine identity positively, meaning without reasonable doubt, is especially needed in associate activity tracking/monitoring systems which monitor the associates use and/or access to business applications. For example, monitoring of associate activities may be needed to determine if associates are conducting activities that are suspicious and/or outside of the scope of their employment (i.e., unauthorized or illegal activity). Such monitoring of associate activity is a required function of specific entities, such as financial institution or the like. However, if the monitoring system is unable to determine that an associate in one domain/application is the same associate in another domain/application, the resulting monitoring results will invariably be incomplete and inaccurate.
In current practice, much manual intervention is needed to positively identify that an associate accessing one domain/application using a first identifier is the same associate that is accessing a second domain/application using a second identifier. This is because the associate data tied to the associate identifier (i.e., data stored in the associate's system of record (SOR) associated with that particular domain/application) is typically incomplete, outdated, inaccurate and/or otherwise not prone to correlation due to system configurations, data field lengths and the like. As such, analysts must painstakingly analyze data within different systems of record before an associate accessing one domain/application can be positively identified as the same associate accessing another domain/application.
Therefore, a need exists to create an automated system for positively identifying that an associate accessing one domain/application using an application-specific identifier is the same associate that accesses another domain/application using another application-specific identifier. Based on such a determination a world-wide federated identifier may be automatically generated and applied to all domains/application across the enterprise, so as to positively identify the associate regardless of the identifier they use for accessing any one domain/application with the business entity.