Enterprise web systems support many organizational functions, including digital transactions, cloud services, data storage, and enterprise software operations. As these systems operate across distributed infrastructures, traditional security models based on static authentication and network boundaries face significant limitations. This study proposes an identity-centric security model that integrates identity authentication, identity profiling, behavioral monitoring, risk evaluation, and policy-based access control within a unified framework. The model evaluates identity activity continuously during active sessions instead of relying only on initial login verification. Identity profiles contain contextual information derived from authentication attributes, device information, location data, and historical usage patterns. Behavioral monitoring observes session activity and identifies deviations from established patterns. A risk evaluation mechanism combines authentication irregularities and behavioral deviations to calculate identity risk scores. These scores guide policy-based access decisions within enterprise applications. Experimental analysis using simulated enterprise session data indicates improved anomaly detection capability, faster response to suspicious activity, and higher accuracy in access decisions compared with traditional role-based access control systems. Continuous monitoring and adaptive policy evaluation allow enterprise platforms to react to changing identity conditions during system interaction. The findings indicate that identity-centric security frameworks provide a context-aware approach for protecting enterprise web systems.