Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Mobile credentials and Gen Z expectations: what IAM teams should do


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Gen Z employees are bringing consumer-grade expectations for mobile credentials, wearables, biometrics, and privacy into the workplace, according to AlertEnterprise and HID. The broader shift is less about device preference than about whether enterprise access can match modern user expectations without weakening identity governance.

NHIMG editorial — based on content published by AlertEnterprise: From Dorms to Boardrooms: Gen Z Is Rewriting Security

Questions worth separating out

Q: How should organisations introduce mobile credentials without weakening identity governance?

A: Start by binding mobile credentials to the same identity lifecycle controls used for any other authenticator.

Q: Why do mobile credentials create pressure on IAM programmes?

A: They change user expectations from tolerated friction to expected convenience.

Q: What do security teams get wrong about biometrics in access control?

A: They often treat biometrics as a security outcome rather than one component of a broader identity design.

Practitioner guidance

  • Map mobile credential issuance to joiner-mover-leaver workflows Tie enrolment, replacement, and revocation to the same lifecycle controls used for other authenticators.
  • Define assurance requirements for phone and wearable access Specify when a mobile credential is acceptable, what proofing is required, and whether a higher-assurance step is needed for sensitive applications.
  • Test recovery and revocation before broad rollout Simulate lost-device, device-replacement, and offboarding scenarios to confirm that access can be removed quickly and restored safely.

What's in the full article

AlertEnterprise's full blog covers the practical messaging and market framing this post intentionally leaves aside:

  • The higher-education origin story behind mobile credentials and why it influenced later enterprise adoption
  • Executive commentary from AlertEnterprise and HID on generational expectations and access experience
  • The specific consumer patterns, including Apple Pay-style expectations, that are shaping workplace access design
  • The article's concise takeaway on why outdated access control risks losing user acceptance

👉 Read AlertEnterprise's blog on Gen Z demand for mobile credentials →

Mobile credentials and Gen Z expectations: what IAM teams should do?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Consumer-style access expectations are now an IAM governance pressure, not a UX preference. The source article is pointing at a broader shift in employee behaviour: users increasingly expect access to feel like consumer payment or device unlock flows. That expectation will influence adoption, but it does not change the need for strong identity proofing, revocation, and auditability. The practitioner conclusion is that convenience pressure must be absorbed inside the identity programme, not handled as a separate mobile exception path.

A few things that frame the scale:

  • 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
  • Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to The State of Non-Human Identity Security.

A question worth separating out:

Q: Who is accountable when mobile access fails or a device is lost?

A: Accountability should sit with the identity and access owners who define issuance, revocation, and assurance policy, not with the end user or the device itself. For human identity programmes, that means IAM, security operations, and business owners must share a documented recovery path and offboarding process.

👉 Read our full editorial: Gen Z mobile credentials are reshaping enterprise access expectations



   
ReplyQuote
Share: