What is Identity and Access Management?
Identity and Access Management (IAM) is a framework for business processes, policies, and technologies that facilitates the management of electronic identities. It ensures the right individuals have appropriate access to technology resources at the right times for the right reasons.
Core Components
Identity Management
- User provisioning/deprovisioning
- Identity lifecycle management
- Directory services
- Self-service capabilities
Authentication
- Password management
- Multi-factor authentication (MFA)
- Single Sign-On (SSO)
- Biometric authentication
Authorization
- Role-Based Access Control (RBAC)
- Attribute-Based Access Control (ABAC)
- Policy enforcement
- Least privilege principle
Governance
- Access certification/reviews
- Segregation of duties
- Audit and compliance
- Reporting and analytics
IAM Best Practices
- Implement least privilege access
- Require MFA everywhere
- Automate provisioning/deprovisioning
- Regular access reviews
- Centralize identity management
- Monitor for anomalies
Cloud IAM
Major cloud providers offer IAM services:
- AWS IAM
- Azure Active Directory
- Google Cloud IAM
- Okta, Auth0 (identity providers)