Once upon a time, managing identities was a snap. Corporate IT infrastructure consisted of a single, hulking IBM mainframe with a relatively specialized group of back-office users who were either logged on or not. If line employees or managers had computers at all, they were used for word processing and spreadsheets, and people “networked” machines by handing floppy disks to one another.

Today even the janitor might carry a Blackberry—bringing a boon to productivity, yes, but also turning identity management into a terrific challenge for corporate executives who must assure regulators that only those who are properly authorized to access financial ...