HealthyByte: Bridge That Gap


Basics of Identity and Access Management

Identity and access management (IAM) is a framework of business processes, policies, and technologies for managing digital identities. An IAM framework controls which users can reach the critical systems within an organization and what they may do once there. The primary difference between identity management and access management is that identity management deals with authentication (proving who a user is), while access management deals with authorization (deciding what that user is allowed to do).


Every organization has users responsible for different systems, and every system that operates on the identity of its users requires them to present proof of who they are before it grants access. As the number of users handling these systems grows, maintaining a separate list of identities, groups, roles, and labels inside each system becomes impractical, which is why identities are managed centrally. Identity management focuses on determining who the user is. Once the user is authenticated, access management determines which data the user can reach and which permissions they hold.

An identity and access management framework comprises a few key features:

  1. A repository of identity data that the system uses to identify and define users.

  2. Identity lifecycle management for adding, modifying, and removing identities and their entitlements (joiners, movers, and leavers).

  3. Protection of sensitive data and of the IAM system itself.

  4. Auditing and reporting.


Two mechanisms are found in almost every IAM solution:

Multi-Factor Authentication: MFA lets your IAM provider require more than one proof of identity before confirming who you are. The proofs fall into categories: something the user has, such as a hardware security key or an authenticator app; something the user knows, such as a password or PIN; something the user is, such as a fingerprint or other biometric; and somewhere the user is, such as geolocation. To count as multi-factor, the proofs must come from different categories; a password plus a second password is still a single factor.
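The most common "something the user has" factor is a time-based one-time password (TOTP) from an authenticator app, so here is the server side of that check as an added example (this is not code from the original post). It implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library only and uses the published RFC test secret ("12345678901234567890" in base32), which is a test value and not a real enrolment secret. The `TotpVerifier` class, its one-step skew window, and the replay rule are my assumptions about a reasonable server policy, not something the post specifies.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Secret from the RFC 4226 / RFC 6238 test vectors ("12345678901234567890" in base32).
# It is a published test value, not a real enrolment secret.
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP whose counter is derived from Unix time (at // step)."""
    secret = base64.b32decode(secret_b32, casefold=True)
    return hotp(secret, at // step, digits)


class TotpVerifier:
    """Server-side check of a submitted code (assumed policy, not from the post).

    Accepts the current time step plus or minus `window` steps to tolerate clock
    skew, compares in constant time, and refuses any counter at or below the
    last one accepted, so a code captured by phishing or shoulder-surfing cannot
    be replayed inside the window.
    """

    def __init__(self, secret_b32: str, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = base64.b32decode(secret_b32, casefold=True)
        self.step, self.digits, self.window = step, digits, window
        self.last_counter = -1  # would be persisted per user in a real deployment

    def verify(self, submitted: str, at: Optional[int] = None) -> bool:
        if at is None:
            at = int(time.time())
        # Reject anything that is not exactly `digits` ASCII digits before comparing.
        if not (submitted.isascii() and submitted.isdigit() and len(submitted) == self.digits):
            return False
        now_counter = at // self.step
        matched = None
        for drift in range(-self.window, self.window + 1):
            counter = now_counter + drift
            if hmac.compare_digest(hotp(self.secret, counter, self.digits), submitted):
                matched = counter
        if matched is None or matched <= self.last_counter:
            return False  # no match, or a counter already consumed (replay)
        self.last_counter = matched
        return True


if __name__ == "__main__":
    # RFC 6238 Appendix B: T=59 with SHA-1 and 8 digits gives 94287082.
    print(totp(RFC_SECRET_B32, 59, digits=8))
    v = TotpVerifier(RFC_SECRET_B32)
    print(v.verify("287082", at=59), v.verify("287082", at=59))  # True, then False (replay)
```

The window matters in both directions: too small and users with slightly drifted phones get locked out, too large and an attacker who captures a code has longer to use it. The replay rule is what turns a "valid for 30 seconds" code into a "valid once" code, which is the property you actually want from a second factor.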

Single Sign-On: SSO is an authentication scheme that lets users log in once, with a single ID and credential, and reach multiple systems or applications. OpenID Connect (OIDC), the successor of the older OpenID protocol, is the identity layer built on top of OAuth 2.0 that most modern SSO deployments use: the application redirects the user to the identity provider, which authenticates them and sends back a signed ID token stating who logged in. SAML, the Security Assertion Markup Language, is the XML-based standard used to exchange authentication and authorization data between systems such as an IAM provider, a service, or an application.
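The security of SSO rests on the application (the relying party) validating the ID token it gets back, and most SSO breaks come from skipping one of those checks. Below is an added example of that validation, written for this page and not taken from the original post or from any OIDC library. The issuer URL, client ID, nonce and shared key are constructed demo values; the token is signed with HMAC-SHA256 so the example runs offline, whereas a real provider signs with an asymmetric key (RS256 or ES256) that you fetch from its JWKS endpoint. The checks themselves (algorithm pinning, signature, `iss`, `aud`/`azp`, `exp`, `iat`, `nonce`) follow OpenID Connect Core section 3.1.3.7.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values: a fake issuer, client and key. Not a real provider.
ISSUER = "https://idp.example.test"
CLIENT_ID = "healthybyte-web"
KEY = b"demo-shared-secret-do-not-use"
NOW = 1_700_000_000        # fixed "current time" so the example is deterministic
NONCE = "n-0S6_WzA2Mj"     # value the app generated and stored in the session before redirecting


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a JWT the way the demo identity provider would.
    alg='none' emits an unsigned token so the validator's rejection can be shown."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest() if alg == "HS256" else b""
    return signing_input + "." + b64url_encode(sig)


class IdTokenError(Exception):
    pass


def validate_id_token(token: str, key: bytes, issuer: str, client_id: str,
                      nonce: str, now: int, leeway: int = 60) -> dict:
    """Relying-party checks on an ID token. Raises IdTokenError on the first failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise IdTokenError("malformed token")
    h64, p64, s64 = parts
    header = json.loads(b64url_decode(h64))
    # Pin the algorithm the app expects; never let the token pick it ("none", key confusion).
    if header.get("alg") != "HS256":
        raise IdTokenError("unexpected alg")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise IdTokenError("bad signature")
    claims = json.loads(b64url_decode(p64))
    if claims.get("iss") != issuer:
        raise IdTokenError("wrong issuer")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in aud:
        raise IdTokenError("token not issued for this client")
    if len(aud) > 1 and claims.get("azp") != client_id:
        raise IdTokenError("azp does not name this client")
    if not isinstance(claims.get("exp"), int) or claims["exp"] + leeway < now:
        raise IdTokenError("token expired")
    if not isinstance(claims.get("iat"), int) or claims["iat"] > now + leeway:
        raise IdTokenError("iat in the future")
    # The nonce binds this token to the login attempt that requested it (anti-replay).
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()):
        raise IdTokenError("nonce mismatch")
    return claims


def outcome(token: str, nonce: str = NONCE, now: int = NOW) -> str:
    """Convenience wrapper: 'ok:<sub>' or 'rejected:<reason>'."""
    try:
        return "ok:" + validate_id_token(token, KEY, ISSUER, CLIENT_ID, nonce, now)["sub"]
    except IdTokenError as err:
        return "rejected:" + str(err)


# Constructed sample tokens: one good, the rest each failing a single check.
GOOD_CLAIMS = {"iss": ISSUER, "sub": "user-123", "aud": CLIENT_ID,
               "exp": NOW + 300, "iat": NOW - 5, "nonce": NONCE}
GOOD = make_id_token(GOOD_CLAIMS, KEY)
UNSIGNED = make_id_token(GOOD_CLAIMS, KEY, alg="none")
OTHER_CLIENT = make_id_token({**GOOD_CLAIMS, "aud": "some-other-app"}, KEY)
EXPIRED = make_id_token({**GOOD_CLAIMS, "exp": NOW - 600}, KEY)
BAD_NONCE = make_id_token({**GOOD_CLAIMS, "nonce": "stale"}, KEY)
FORGED = make_id_token({**GOOD_CLAIMS, "iss": "https://evil.example.test"}, b"attacker-key")

if __name__ == "__main__":
    for name, tok in [("good", GOOD), ("unsigned", UNSIGNED), ("other client", OTHER_CLIENT),
                      ("expired", EXPIRED), ("bad nonce", BAD_NONCE), ("forged", FORGED)]:
        print(f"{name:13s} {outcome(tok)}")
```

The `aud` check is the one people forget: a token the provider legitimately issued for a different application is still a valid, signed token, and without that check one compromised low-value app becomes a login to every other app behind the same provider.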


An IAM solution should be built on the following principles:

  1. Least privilege principles.

  2. Central identity management.

  3. Secure access to data.

  4. Policy-based controls.

  5. Zero trust policies.

  6. Secure privileged accounts.

  7. Training, education, and support.
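To tie the authentication/authorization split described earlier to the first, fourth and sixth principles in this list, here is an added example of a small deny-by-default authorization check (written for this page; not code from the original post or any product). The roles, actions, resource paths and the rule that privileged actions require a completed MFA step are all constructed for the illustration. Every decision is written to an audit list, which is the raw material the "auditing and reporting" feature needs.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Tuple


@dataclass(frozen=True)
class Principal:
    """What the identity side established: who the user is and how strongly."""
    user_id: str
    roles: frozenset
    mfa_verified: bool


@dataclass(frozen=True)
class Request:
    action: str    # "<object>:<verb>", e.g. "record:read"
    resource: str  # hierarchical path, e.g. "clinic/north/record/42"


# Constructed policy: each role gets (action, resource prefix) grants and nothing else.
# Prefixes end in "/" so that "clinic/north/" does not also match "clinic/northeast/...".
POLICY = {
    "nurse": {("record:read", "clinic/north/")},
    "physician": {("record:read", "clinic/"), ("record:write", "clinic/")},
    "iam-admin": {("user:create", "iam/"), ("user:delete", "iam/")},
}

# Privileged actions need a step-up: the principal must have completed MFA this session.
PRIVILEGED_ACTIONS = {"record:write", "user:create", "user:delete"}


def authorize(principal: Principal, request: Request, audit: List[dict]) -> Tuple[bool, str]:
    """Deny-by-default policy evaluation. Every decision is appended to `audit`."""
    allowed, reason = False, "no matching grant"
    for role in sorted(principal.roles):           # sorted so the reason is deterministic
        for action, prefix in POLICY.get(role, ()):
            if action == request.action and request.resource.startswith(prefix):
                allowed, reason = True, f"granted by role {role}"
                break
        if allowed:
            break
    # A grant alone is not enough for privileged actions: require the stronger authentication.
    if allowed and request.action in PRIVILEGED_ACTIONS and not principal.mfa_verified:
        allowed, reason = False, "privileged action requires MFA"
    audit.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": principal.user_id,
        "action": request.action,
        "resource": request.resource,
        "allowed": allowed,
        "reason": reason,
    })
    return allowed, reason


if __name__ == "__main__":
    log: List[dict] = []
    nurse = Principal("n1", frozenset({"nurse"}), mfa_verified=False)
    physician = Principal("p1", frozenset({"physician"}), mfa_verified=False)
    physician_mfa = Principal("p1", frozenset({"physician"}), mfa_verified=True)
    print(authorize(nurse, Request("record:read", "clinic/north/record/42"), log))
    print(authorize(nurse, Request("record:read", "clinic/south/record/7"), log))
    print(authorize(physician, Request("record:write", "clinic/south/record/7"), log))
    print(authorize(physician_mfa, Request("record:write", "clinic/south/record/7"), log))
    print(authorize(physician_mfa, Request("user:delete", "iam/users/n1"), log))
    for entry in log:
        print(entry)
```

Two things are worth noticing. First, the physician with a valid write grant is still refused until MFA has been completed, which is how "secure privileged accounts" and "zero trust" become enforceable rules rather than slogans. Second, the unauthorized attempts are logged with the same detail as the successes; a denied `user:delete` from an account that has no admin role is exactly the kind of event a detection team wants to see.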