Glossary / Fundamentals
Identity and Access Management (IAM)
IAM is the framework of policies and technology that ensures the right identities have the right access to the right resources, covering authentication, authorization, and the lifecycle of accounts.
Also: IAM
Identity and Access Management is the umbrella discipline for proving who a user or service is and controlling what they are allowed to do. It spans authentication, authorization, account provisioning and de-provisioning, and the governance that keeps access appropriate over time.
IAM is most often discussed in the workforce context, where an IT or security team manages employee and contractor access to internal systems. Customer Identity and Access Management is the branch of IAM aimed at external users, with different priorities around scale, self-service, privacy, and growth.
The core building blocks are shared across both: an identity store, an authentication layer, an authorization model, and a provisioning mechanism such as SCIM. The difference is who is being managed and why.
Sources
- NIST SP 800-63 Digital Identity Guidelines: https://pages.nist.gov/800-63-3/
Related terms
Standards
- NIST SP 800-63