Clearing the confusion, let’s understand IAM


Before we get into the IAM world, let’s first understand a key distinction. Any organization will have broadly two types of users – internal and external. Internal generally refers to its workforce (such as employees, contractors, service providers and partners). External often refers to customers and, in some cases, also to service providers and partners. Accordingly, the whole world of IAM is broadly divided into Workforce IAM and Consumer IAM (‘CIAM’).

This blog specifically focuses on Workforce IAM.

What is IAM?

Identity and Access Management (‘IAM’) is becoming an increasingly important part of cybersecurity, including the zero-trust framework. With remote (or hybrid) working becoming the norm, people work from outside their usual office network, accessing organizational resources as remote workers. Ultimately, every user has a digital identity, and this identity is at the heart of securing IT systems – by ensuring that users have the right access to the right resources at the right time and from the right channel.

IAM is all about managing the identity and access lifecycle across diverse IT systems. It consists of multiple facets, and many terms such as IAM, IAG, PAM, IGA, AM, SSO, MFA, passwordless, etc., are used in this context. Very often these terms are used interchangeably and, in some cases, with a wrong understanding. Sometimes they are also specific to product vendors and how they position their solutions.

Key terms and abbreviations

While there is no authoritative source, these terms have specific meanings in the IAM context, and Hexadius presents its understanding of them here to support clear communication on this topic. Here are the key terms and their widely accepted meanings:

1. Identity Governance and Administration (‘IGA’)

  a. Governance refers primarily to auditing and reporting functionalities such as access review/ certification, central visibility of user access, timely removal of user access, Segregation of Duties (‘SoD’) reporting, and other reports and dashboards.
  b. Administration refers to managing identity lifecycle events (i.e., Joiner-Mover-Leaver-Rehire-Long Leaves), including provisioning/ de-provisioning of user accounts, managing access entitlements and synchronizing user attributes across IT systems. This also includes self-service capabilities such as requesting access, password reset, and password synchronization.
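To make the two halves of IGA concrete, here is an added example (not code from the original post or from Hexadius): the administration side applies Joiner-Mover-Leaver events to an identity store, and the governance side reports what those events leave behind, namely SoD conflicts and leavers who still hold entitlements. The roles, entitlement names and SoD rules are constructed for illustration.

```python
"""Minimal IGA model: JML administration plus governance reporting."""
from dataclasses import dataclass, field

# Constructed toxic combinations: no single user may hold both entitlements.
SOD_RULES = {
    frozenset({"AP_CREATE_VENDOR", "AP_APPROVE_PAYMENT"}),
    frozenset({"HR_CHANGE_SALARY", "PAYROLL_RUN"}),
}

# Constructed role-to-entitlement mapping (what a joiner or mover receives).
ROLE_ENTITLEMENTS = {
    "finance_clerk": {"AP_CREATE_VENDOR", "ERP_LOGIN"},
    "finance_manager": {"AP_APPROVE_PAYMENT", "ERP_LOGIN"},
    "hr_admin": {"HR_CHANGE_SALARY", "HRIS_LOGIN"},
}

@dataclass
class Identity:
    uid: str
    status: str = "active"                      # active | terminated
    entitlements: set = field(default_factory=set)

def apply_event(store, event):
    """Administration: handle a JML event. A mover accumulates the new role's
    access on top of the old one, and a leaver is only marked terminated;
    de-provisioning is a separate step, so governance must check it happened."""
    kind, uid = event["type"], event["uid"]
    if kind == "joiner":
        store[uid] = Identity(uid, entitlements=set(ROLE_ENTITLEMENTS[event["role"]]))
    elif kind == "mover":
        store[uid].entitlements |= ROLE_ENTITLEMENTS[event["role"]]
    elif kind == "leaver":
        store[uid].status = "terminated"
    return store

def deprovision(store, uid):
    """Administration: timely removal of all access for a terminated user."""
    store[uid].entitlements.clear()
    return store

def sod_conflicts(store):
    """Governance: users holding a complete toxic combination."""
    return sorted((i.uid, tuple(sorted(rule))) for i in store.values()
                  for rule in SOD_RULES if rule <= i.entitlements)

def orphaned_access(store):
    """Governance: terminated users whose entitlements were never removed."""
    return sorted(i.uid for i in store.values()
                  if i.status == "terminated" and i.entitlements)
```

Running the governance reports after each batch of lifecycle events is what an access certification campaign automates; the mover case shows why, since the old role's access silently survives the move.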

2. Identity and Access Governance (‘IAG’)

interchangeably used for Identity Governance capabilities (refer #1a above). 

3. Privileged Access Management (‘PAM’)

refers to control over elevated or privileged access and permissions across IT systems: controlling who has privileged access, for how long they have it, and logging which privileged actions were performed. By right-sizing privileged access controls, PAM helps organizations reduce their attack surface and prevent, or mitigate, the damage arising from external attacks and insider threats.

4. Privileged Identity Management (‘PIM’)

another term used for PAM (#3 above).

5. Single Sign On (‘SSO’)

session and user authentication service that permits a user to use one set of login credentials (e.g., username and password) to access multiple applications. SSO enables users to avoid remembering and entering multiple passwords, and the frustration of having to reset forgotten passwords. Users can also access a range of platforms and apps without having to log in each time. SSO is built on the concept of federated identity, which is the sharing of identity attributes across trusted but autonomous systems. When a user is trusted by one system, they are automatically granted access to all others that have established a trusted relationship with it.

6. Multi Factor Authentication (‘MFA’) 

an authentication method that requires the user to provide two or more verification factors to gain access to an IT system. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyberattack. One of the most common MFA factors that users encounter is a one-time password (OTP) delivered via email, SMS or a mobile app.

Adaptive MFA uses business rules and information about the user to determine which authentication factors it should apply. 
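As an added example (not from the original post or any vendor's policy language), the rule set below shows what "business rules and information about the user" can mean in practice: a small risk score drives whether a login is allowed on the password alone, stepped up to a second factor, or refused outright. The context fields, weights and thresholds are constructed assumptions.

```python
"""Adaptive MFA: choose the step-up factor from login context."""
from dataclasses import dataclass

@dataclass
class LoginContext:
    username: str
    is_privileged: bool        # holds an admin role (PAM-relevant user)
    known_device: bool         # device previously registered to this user
    corporate_network: bool    # request originates from the office network
    new_country: bool          # geolocation differs from the user's history
    failed_attempts: int       # recent failed password attempts

# Constructed weights: each signal adds to a risk score.
WEIGHTS = {"unknown_device": 2, "new_country": 2, "off_network": 1, "lockout_pressure": 2}
DENY_AT = 4      # score at or above this: refuse and route to identity proofing
STEP_UP_AT = 2   # score at or above this: require a second factor

def score_risk(ctx):
    """Sum the weights of the risk signals present in the context."""
    score = 0
    if not ctx.known_device:
        score += WEIGHTS["unknown_device"]
    if ctx.new_country:
        score += WEIGHTS["new_country"]
    if not ctx.corporate_network:
        score += WEIGHTS["off_network"]
    if ctx.failed_attempts >= 3:
        score += WEIGHTS["lockout_pressure"]
    return score

def decide(ctx):
    """Return the decision and the factors required after the password.
    Privileged users always step up with a phishing-resistant factor; other
    users step up with an authenticator-app OTP only when the score says so."""
    risk = score_risk(ctx)
    if risk >= DENY_AT:
        return {"decision": "deny", "factors": [], "risk": risk}
    if ctx.is_privileged:
        return {"decision": "step_up", "factors": ["fido2_security_key"], "risk": risk}
    if risk >= STEP_UP_AT:
        return {"decision": "step_up", "factors": ["authenticator_app_otp"], "risk": risk}
    return {"decision": "allow", "factors": [], "risk": risk}
```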

7. Passwordless

a method of verifying a user’s identity without using a password. This type of authentication improves the user experience. For example, with Fast Identity Online (‘FIDO’), user credentials never leave the device and are not stored on a server, which reduces exposure to phishing and password theft.

8. Access Management (‘AM’)

Often includes authentication, authorization, SSO, and identity federation. This includes underlying support for industry standards such as SAML, OAuth and OpenID Connect, social identity integration, etc. 

9. Identity and Access Management (‘IAM’)

broad term which encompasses all these functionalities across IGA/ IAG, PAM and AM.

10. IDAM/ IdM

interchangeably used for IAM capabilities (refer #9 above).

Summary

Using the right term will help organizations ensure that their needs are not lost in translation and will often save lots of time and effort to achieve the desired outcome.
