IAM

Identity and Access Management (IAM) is a framework of policies, processes, and technologies used to ensure that the right individuals have the right access to the right resources, at the right time, and for the right reasons.
It’s the combination of who you are (identity) and what you’re allowed to do (access).
Think of IAM as the traffic controller of your organization’s digital environment

It identifies users (human or machine)
Authenticates them (verifies they are who they claim to be)
Authorizes what actions they can take
Tracks and manages their activities

Core Functions of IAM

IAM systems generally include the following main functions:

1-Identity Creation and Management

Provisioning new user accounts for employees, partners, customers, or applications.
Assigning attributes like username, department, and role.

2-Authentication

Verifying the identity of a user or system before granting access.
Methods include passwords, biometrics, smart cards, OTPs, MFA (Multi-Factor Authentication).

3-Authorization

Determining what a user is allowed to do based on their role or assigned permissions.
Example: an HR employee can view salary data, but a marketing employee cannot.

4-Session Management

Tracking active logins, setting session timeouts, and preventing session hijacking.

5-Monitoring and Auditing

Logging every access event for compliance and threat detection.
Helps with audits for regulations like GDPR, HIPAA, PCI-DSS.

6-Identity Lifecycle Management

Managing the full “life” of a user account — from creation, updates (promotions, role changes), to deactivation when the user leaves.

7-Integration with Other Systems

Connecting IAM to applications, cloud services, VPNs, and directories like Active Directory or LDAP.

IAM Architecture

A modern IAM architecture typically includes:

Directory Services (e.g., Microsoft Active Directory, LDAP) — the database of all identities.
Authentication Systems (e.g., Kerberos, SAML, OAuth, OpenID Connect).
Access Control Engines — enforce permissions and policies.
Self-Service Portals — let users reset passwords, request access, or update profiles.
APIs & Connectors — integrate IAM with other platforms (cloud, SaaS, on-prem).

Key Technologies in IAM

SSO (Single Sign-On): Users log in once to access multiple applications.
MFA (Multi-Factor Authentication): Combines two or more verification methods.
RBAC (Role-Based Access Control): Access based on predefined job roles.
ABAC (Attribute-Based Access Control): Access based on multiple attributes (department, time, location).
Federated Identity Management: Allows identity sharing across multiple organizations (e.g., logging in with Google account).
Privileged Access Management (PAM): Special controls for high-level admin accounts.

IAM Services Offered

Identity Creation and Management
Authentication
Authorization
Session Management
Monitoring and Auditing
Identity Lifecycle Management
Integration with Other Systems