What is the primary purpose of a central directory in an IAM system?

• A. It stores encryption keys
• B. It consolidates user identities across systems
• C. It backs up patient data
• D. It logs clinical decisions

Answer: (B)

In IAM, the central directory serves as a single source of truth for user identities across all systems. Its main purpose is to consolidate identities so a person’s login, roles, and access rights are consistent whether they’re in the EHR, a patient portal, or other applications. By keeping a unified record of usernames, attributes, group memberships, and credentials, it enables centralized authentication (often supporting single sign-on) and streamlined provisioning and deprovisioning across systems. This reduces duplicate accounts, simplifies access control, and improves security and compliance.

Storing encryption keys is a function of key management, not the directory. Backing up patient data is a data protection task, and logging clinical decisions belongs to audit trails.