Ah, it feels good to be back to my blogging days 🤩. So, a little bit about what I’m up to these days: I am currently helping build an identity and access management solution for one of the projects. There is a lot to cover in IAM, but we will focus on the basics. While working on this piece, I have realized that there is often a gap in understanding of what the core concepts actually mean. So, I am here to share my learnings in this post, based on my experience.

What is IAM (Identity and access management)?

To understand it in simple words, let’s break it down:

A little more about it:

Identity and access management, also called an identity management system (IDMS) in the enterprise, is as crucial as anything these days. It is all about setting standards and addressing the need to enable the right access at the right time, so that individuals can reach not only IT resources but also the hardware and applications employees require. It is often required to meet rigorous and complex security compliance requirements.

IAM is especially popular with enterprises, as there is a critical need to manage information that is spread across internal and external applications with data security in mind.

IAM’s core objective is to assign one identity per individual and to control it from one place, so that changes are reflected in all systems. It also makes it possible to monitor users’ activities, assign user roles, and enforce policies at the org level, which is an ongoing process (basically, it handles authn (authentication) and authz (authorization)).

How does IAM work?

IAM is designed to perform three things -

A lot of people get confused between authentication and authorization; I’ll try to explain in a simple way:

authentication

authorization

That being said, here are the core components of any IAM system:

Why do we need IAM?

  1. Security: This is one of the core motives for any organization introducing IAM, i.e. controlling access, which ultimately results in preventing identity theft and illegal access to sensitive information. It can also prevent unauthorized logins and protect against phishing attacks (and other cyber attacks). It also incorporates proper reporting, regardless of the application, platform, or device (including BYOD options), helping with location flexibility.
  2. Compliance: IAM is not just about keeping things secure; in fact, following certain regulations according to the region is also crucial. So, compliance with HIPAA, PCI, GDPR, etc. can be ensured, since IAM specifies strict protocols to control which network and resources users can use, and how.
  3. Cost Reduction & Maintainability: If there is any change to an organization-wide policy, e.g. the “Password Policy”, then with IAM it can be done in one go, reducing the workload of requests to the IT team. Furthermore, it reduces identity management costs such as onboarding, offboarding, implementing policies, processes, etc.
  4. Improves User Experience: IAM helps with implementing the “Single sign-on” (SSO) feature, which is really trending, especially in enterprises. With SSO, the user does not need to enter passwords to access multiple systems.

Must-haves before/during IAM implementation:

That’s all. If you would like to read more about it, I’d suggest a few good links to go through:

Thanks for reading. 😃