Identity Management
Every person in this world holds a unique identity. The type of identity you hold varies according to the scenario. In the digital world, our identities take the form of attributes held in a storage medium such as a database. These attributes are unique to each user and distinguish one user from another in the online world. They could be our email address, mobile number, etc. In an office environment, the attributes take the form of titles and roles assigned to us by our employers. An online identity is established by filling in registration forms online. Some information is collected during registration and saved in a database to serve as the identity.
Identity management is the management of the identity of a particular person. Certain people in your workplace are responsible for the creation, updating and deletion of the attributes related to you.
Your identity attributes can help in making authorization decisions. An admin of an ecommerce website can change the prices of items, while developers and users are not authorized to decide the prices of items.
Access Management
We can define access simply as a Yes/No decision made when a user tries to access a cloud or on-premises application. In general, there can be multiple access control points. For example, certain users are not allowed to use the applications or the cloud at all. Other users are allowed to access the cloud but have limited access based on their role in the organization. Accessing resources requires an authentication mechanism in which the user's identity plays a role. Authentication can be simple or complex depending on the scenario. Access control decisions are made after the user provides authentication parameters.
This is where the attributes established while defining the user's digital identity come into play. If the attributes provided during the authentication process match the user's identity attributes, the user is granted access.
How does IAM work?
IAM systems check whether a user is authorized to use a hardware or software application. The access controls are predefined based on the identity of the user.
What does IAM do?
The following are the core functions of an IAM system or solution.
Manage User Identities
IAM systems are solely authorized to create, delete or modify user identities. Identity and access management solutions can be used to grant specialized kinds of access to certain users.
Provisioning and Deprovisioning Users
Provisioning defines which tools each user is granted and what level of access the user has to those tools. The IAM tool can provision users based on their department or role after getting the recommendation of team managers. Defining access for each individual user can be very time consuming, so granting access to groups based on their roles and departments can save a lot of time. For example, a backend team will only be granted access to repositories containing projects of the backend team. They are not allowed to make changes to the front end of the application.
The reverse, deprovisioning, is also possible. To avoid security issues caused by ex-employees, the IAM tool allows their access to be revoked immediately.
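The role-based provisioning and immediate revocation described above, as an added example that is not part of the original article. The MiniIAM class, the role names and the repository names are assumptions made up for illustration.

```python
from datetime import datetime, timezone

# Constructed policy: access is granted per role, not per individual user.
ROLE_GRANTS = {
    "backend": {"repo:backend-api": {"read", "write"}},
    "frontend": {"repo:web-ui": {"read", "write"}},
}

class MiniIAM:
    """Hypothetical in-memory IAM store (illustration only)."""

    def __init__(self):
        self.users = {}      # username -> {"roles": set, "active": bool}
        self.audit_log = []  # (timestamp, event, username, detail)

    def _audit(self, event, username, detail=""):
        self.audit_log.append((datetime.now(timezone.utc), event, username, detail))

    def provision(self, username, role):
        if role not in ROLE_GRANTS:
            raise ValueError(f"unknown role: {role}")
        user = self.users.setdefault(username, {"roles": set(), "active": True})
        user["active"] = True
        user["roles"].add(role)
        self._audit("provision", username, role)

    def deprovision(self, username):
        # Clear roles and disable the account together, so the very next
        # access check for this user is denied.
        user = self.users.get(username)
        if user is None:
            return False
        user["roles"].clear()
        user["active"] = False
        self._audit("deprovision", username)
        return True

    def is_allowed(self, username, resource, action):
        # Default deny: unknown users, disabled users and resources outside
        # the user's roles all get "No". Every decision is recorded.
        user = self.users.get(username)
        allowed = bool(user and user["active"] and any(
            action in ROLE_GRANTS[r].get(resource, set()) for r in user["roles"]))
        self._audit("allow" if allowed else "deny", username, f"{action} {resource}")
        return allowed

def demo():
    iam = MiniIAM()
    iam.provision("alice", "backend")
    before = iam.is_allowed("alice", "repo:backend-api", "write")
    cross = iam.is_allowed("alice", "repo:web-ui", "write")
    iam.deprovision("alice")
    after = iam.is_allowed("alice", "repo:backend-api", "write")
    return before, cross, after, [e[1] for e in iam.audit_log]
```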
Authenticating Users
IAM solutions make sure that users are who they say they are. Some of the safest ways of authentication are:
- Multi-factor authentication
- Adaptive authentication
Authorizing Users
Authorizing users to use a certain number of tools with a defined level of access is the responsibility of the access management part of IAM.
Reporting
One of the key features of an IAM solution is the reporting of actions taken on the platform in a presentable manner. The reporting can be helpful in ensuring compliance and assessing security risks.
Single Sign-On
IAM solutions provide a lot of comfort to end users by offering single sign-on to authenticate their identity. Users no longer need to authenticate to, or remember passwords for, each individual application. IAM acts as the source of identity truth for the other sources available.