Introduction to Identity and Access Management

Chanika Ruchini
Identity Beyond Borders
5 min read · May 15, 2021

Today many business organizations struggle to give their employees and customers the appropriate level of access to the appropriate services at the appropriate time. Getting this wrong creates security risk and organizational inefficiency, and mitigating both requires proper governance practices and solutions. An efficient Identity and Access Management mechanism is how that challenge is met.

What is Identity and Access Management (IAM)?

IAM is a framework of policies, processes, and technologies that enable organizations to manage digital identities and control user access to critical corporate information. The core objective of IAM systems is one digital identity per individual or item. Once that digital identity has been established, it must be maintained, modified, and monitored throughout each user’s or device’s access life cycle.

Identity and Access Management incorporates three major concepts: identification, authentication, and authorization. These are closely related, but not the same. Let’s take a closer look at each of them for a better understanding.

1. Identification

Identification is the ability to identify a user of a system uniquely or an application that is running in the system. This can be accomplished with a username, a process ID, or anything else that can uniquely identify a subject. Security systems use this identity when determining if a subject can access an object.

2. Authentication

Authentication is the ability to prove that a user or application is genuinely who that person or what that application claims to be.

For example, consider a user who logs on to a system by entering a user ID and password. The system uses the user ID to identify the user. The system authenticates the user at the time of login by checking that the supplied password is correct.

There are three main authentication factors:

  • Something you know (knowledge factor) - such as a password or PIN
  • Something you have (ownership factor) - such as an identity card, smart card, or security token
  • Something you are (inherence factor) - such as a biometric

3. Authorization

Authorization is the allocation or delegation of permissions to a particular individual or type of user. Authorization carries out the rest of an organization’s identity and access management processes once the user has been authenticated. Users are granted authorizations according to their role at an organization.

If you are still unsure about the difference: authentication establishes who you are, and authorization determines what you are allowed to do.

Why Identity and Access Management?

The overall goal of identity management is to grant access to the enterprise assets that users and devices have rights to in a given context.

The main advantages of IAM are listed below:

  • Securely stores and manages user identities and access policies, and ensures that all individuals and services are properly authenticated, authorized, and audited.
  • Gives companies that properly handle identities better control over user access, which decreases the possibility of internal and external data breaches.
  • Automating IAM processes allows businesses to increase overall productivity and operate more efficiently by reducing the effort, time, and money spent on access management.
  • Adds an extra layer of security over the business’s network, enabling regulatory and privacy compliance.
  • Provides a better user experience.

How does IAM work?

Before going deeper into how IAM works, let’s look at how traditional access management works.

In traditional access management, each application manages identities and privileges itself, so a user has to create a separate user account in every application they want to access. I’ll make this clearer with a simple scenario.

Application-Level Access Management

If Michel wants to access three different applications, he has to create three user accounts and maintain three sets of credentials separately. In this situation, Michel tends to reuse the same password for all the accounts, or to pick a simple password, so that all the credentials are easier to remember. This leads to data breaches and makes access difficult to govern. From the organization's point of view, managing different accounts for different applications results in less agility, lower productivity, and higher IT costs.

IAM addresses these issues with a centralized access management system. Here, user authentication and account management are handled at a central system. Users are managed through a component called the identity provider (IdP). All the applications trust this identity provider, and users log in through it. The main advantage of centralized access management is that the application developer does not need to worry about user management, and users do not need to maintain different user accounts.

Centralized Access Management
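A minimal model of the centralized flow just described, which also ties together the three concepts from earlier (the IdP performs identification and authentication once, and each trusting application performs its own authorization). This is an added example, not code from the original article or from any IAM product; the IdentityProvider class, the HMAC-signed assertion format and the application role table are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import time


def hash_password(password, salt):
    # Salted, slow hash: the IdP stores this, never the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class IdentityProvider:
    """Central IdP: handles identification and authentication for every app."""
    def __init__(self):
        self.signing_key = os.urandom(32)  # shared with the trusting applications
        self.users = {}

    def provision(self, username, password, roles):
        # User provisioning: one account per person, however many apps exist
        salt = os.urandom(16)
        self.users[username] = {"salt": salt, "hash": hash_password(password, salt), "roles": roles}

    def login(self, username, password):
        user = self.users.get(username)  # identification: look up the claimed identity
        if user is None:
            return None
        # authentication: constant-time comparison against the stored salted hash
        if not hmac.compare_digest(user["hash"], hash_password(password, user["salt"])):
            return None
        payload = json.dumps({"sub": username, "roles": user["roles"], "exp": int(time.time()) + 300}).encode()
        sig = hmac.new(self.signing_key, payload, "sha256").hexdigest()
        return payload.hex() + "." + sig  # signed assertion presented to each app


def verify_assertion(token, key):
    """Run by each trusting application: checks signature and expiry, never a password."""
    try:
        payload_hex, sig = token.split(".")
        payload = bytes.fromhex(payload_hex)
    except ValueError:
        return None
    if not hmac.compare_digest(hmac.new(key, payload, "sha256").hexdigest(), sig):
        return None
    claims = json.loads(payload)
    return claims if claims["exp"] > time.time() else None


# Authorization stays with each application: its own permissions mapped to IdP roles
APP_ROLES = {"payroll": {"finance"}, "wiki": {"finance", "engineering"}}


def authorize(claims, app):
    return bool(set(claims["roles"]) & APP_ROLES[app])
```

Note that an application only ever sees the signed assertion; a forged or tampered token fails the signature check, and a wrong password is rejected by the IdP before any assertion is issued.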

Main Concepts Of IAM

1) Centralized Access Management - Handling user authentication and account management at a central system

2) User Provisioning - Creating and managing user accounts and identity information within the system

3) Single Sign-On (SSO) - Authenticating users once and allowing access to other associated applications

4) Multi-Factor Authentication - Authenticating users by challenging them with multiple authentication factors, e.g., password, SMS, and fingerprint

5) Adaptive Authentication - Authenticating users by challenging them with multiple authentication steps based on the user’s risk profile

6) Identity Federation - Authenticating users that exist in an external identity provider

I hope you now have a clear understanding of IAM and its concepts. The next question that will come to your mind is: is there a highly secure IAM solution available?

The answer is yes! WSO2 Identity Server (WSO2 IS) is an open-source identity and access management solution used by a large number of organizations to provide SSO to a huge variety of applications using standard SSO protocols such as SAML, OAuth2/OpenID Connect, WS-Federation, CAS, etc. Its other key features are identity federation, identity bridging, adaptive and strong multi-factor authentication, account management and provisioning, fine-grained access control, API security, privacy, etc.

In this article, we learned what Identity and Access Management is and why we need IAM, by comparing it with a traditional access management system.

I hope you enjoyed the blog and hopefully got a clearer picture of Identity and Access Management. In the comments section, feel free to post your feedback. Thank you for reading!
