What is identity and access management (IAM)? - Microsoft Entra (2024)

Table of Contents
In this article What does IAM do? How IAM works Authenticating, authorizing, and accessing resources Authentication and authorization standards Next steps
  • Article

In this article, you learn some of the fundamental concepts of Identity and Access Management (IAM), why it's important, and how it works.

Identity and access management ensures that the right people, machines, and software components get access to the right resources at the right time. First, the person, machine, or software component proves they're who or what they claim to be. Then, the person, machine, or software component is allowed or denied access to or use of certain resources.

To learn about the basic terms and concepts, see Identity fundamentals.

What does IAM do?

IAM systems typically provide the following core functionality:

  • Identity management - The process of creating, storing, and managing identity information. Identity providers (IdP) are software solutions that are used to track and manage user identities, as well as the permissions and access levels associated with those identities.

    See Also
    Microsoft Access: Is it still relevant in %%currentyear%%? - Explore AlternativesTop 5 Identity & Access Management (IAM) Tools for 2024 | CerbosAn Introduction to Identity & Access Management and Active Directory - WavestoneUsing Access or Excel to manage your data

  • Identity federation - You can allow users who already have passwords elsewhere (for example, in your enterprise network or with an internet or social identity provider) to get access to your system.

  • Provisioning and deprovisioning of users - The process of creating and managing user accounts, which includes specifying which users have access to which resources, and assigning permissions and access levels.

  • Authentication of users - Authenticate a user, machine, or software component by confirming that they're who or what they say they are. You can add multifactor authentication (MFA) for individual users for extra security or single sign-on (SSO) to allow users to authenticate their identity with one portal instead of many different resources.

  • Authorization of users - Authorization ensures a user is granted the exact level and type of access to a tool that they're entitled to. Users can also be portioned into groups or roles so large cohorts of users can be granted the same privileges.

  • Access control - The process of determining who or what has access to which resources. This includes defining user roles and permissions, as well as setting up authentication and authorization mechanisms. Access controls regulate access to systems and data.

  • Reports and monitoring - Generate reports after actions taken on the platform (like sign-in time, systems accessed, and type of authentication) to ensure compliance and assess security risks. Gain insights into the security and usage patterns of your environment.

How IAM works

This section provides an overview of the authentication and authorization process and the more common standards.

See Also
Is MS Access Still Relevant in 2024? Facts Verified

Authenticating, authorizing, and accessing resources

Let's say you have an application that signs in a user and then accesses a protected resource.

What is identity and access management (IAM)? - Microsoft Entra (1)

  1. The user (resource owner) initiates an authentication request with the identity provider/authorization server from the client application.

  2. If the credentials are valid, the identity provider/authorization server first sends an ID token containing information about the user back to the client application.

  3. The identity provider/authorization server also obtains end-user consent and grants the client application authorization to access the protected resource. Authorization is provided in an access token, which is also sent back to the client application.

  4. The access token is attached to subsequent requests made to the protected resource server from the client application.

  5. The identity provider/authorization server validates the access token. If successful the request for protected resources is granted, and a response is sent back to the client application.

For more information, read Authentication and authorization.

Authentication and authorization standards

These are the most well-known and commonly used authentication and authorization standards:

OAuth 2.0

OAuth is an open-standards identity management protocol that provides secure access for websites, mobile apps, and Internet of Things and other devices. It uses tokens that are encrypted in transit and eliminates the need to share credentials. OAuth 2.0, the latest release of OAuth, is a popular framework used by major social media platforms and consumer services, from Facebook and LinkedIn to Google, PayPal, and Netflix. To learn more, read about OAuth 2.0 protocol.

OpenID Connect (OIDC)

With the release of the OpenID Connect (which uses public-key encryption), OpenID became a widely adopted authentication layer for OAuth. Like SAML, OpenID Connect (OIDC) is widely used for single sign-on (SSO), but OIDC uses REST/JSON instead of XML. OIDC was designed to work with both native and mobile apps by using REST/JSON protocols. The primary use case for SAML, however, is web-based apps. To learn more, read about OpenID Connect protocol.

JSON web tokens (JWTs)

JWTs are an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWTs can be verified and trusted because they’re digitally signed. They can be used to pass the identity of authenticated users between the identity provider and the service requesting the authentication. They also can be authenticated and encrypted. To learn more, read JSON Web Tokens.

Security Assertion Markup Language (SAML)

SAML is an open standard utilized for exchanging authentication and authorization information between, in this case, an IAM solution and another application. This method uses XML to transmit data and is typically the method used by identity and access management platforms to grant users the ability to sign in to applications that have been integrated with IAM solutions. To learn more, read SAML protocol.

System for Cross-Domain Identity Management (SCIM)

Created to simplify the process of managing user identities, SCIM provisioning allows organizations to efficiently operate in the cloud and easily add or remove users, benefitting budgets, reducing risk, and streamlining workflows. SCIM also facilitates communication between cloud-based applications. To learn more, read Develop and plan provisioning for a SCIM endpoint.

Web Services Federation (WS-Fed)

WS-Fed was developed by Microsoft and used extensively in their applications, this standard defines the way security tokens can be transported between different entities to exchange identity and authorization information. To learn more, read Web Services Federation Protocol.

Next steps

To learn more, see:

  • Single sign-on (SSO)
  • Multifactor authentication (MFA)
  • Authentication vs authorization
  • OAuth 2.0 and OpenID Connect
  • App types and authentication flows
  • Security tokens
What is identity and access management (IAM)? - Microsoft Entra (2024)
Top Articles
Find the serial number of your AirPods - Apple Support
12 Reasons You Should Go Back to School | Carson-Newman University
Katie Pavlich Bikini Photos
Gamevault Agent
Hocus Pocus Showtimes Near Harkins Theatres Yuma Palms 14
Free Atm For Emerald Card Near Me
Craigslist Mexico Cancun
Hendersonville (Tennessee) – Travel guide at Wikivoyage
Doby's Funeral Home Obituaries
Vardis Olive Garden (Georgioupolis, Kreta) ✈️ inkl. Flug buchen
Select Truck Greensboro
How To Cut Eelgrass Grounded
Craigslist In Flagstaff
Shasta County Most Wanted 2022
Energy Healing Conference Utah
Testberichte zu E-Bikes & Fahrrädern von PROPHETE.
Aaa Saugus Ma Appointment
Geometry Review Quiz 5 Answer Key
Walgreens Alma School And Dynamite
Bible Gateway passage: Revelation 3 - New Living Translation
Home
Shadbase Get Out Of Jail
Gina Wilson Angle Addition Postulate
Celina Powell Lil Meech Video: A Controversial Encounter Shakes Social Media - Video Reddit Trend
Walmart Pharmacy Near Me Open
Dmv In Anoka
A Christmas Horse - Alison Senxation
Ou Football Brainiacs
Access a Shared Resource | Computing for Arts + Sciences
Pixel Combat Unblocked
Umn Biology
Obituaries, 2001 | El Paso County, TXGenWeb
Cvs Sport Physicals
Mercedes W204 Belt Diagram
Rogold Extension
'Conan Exiles' 3.0 Guide: How To Unlock Spells And Sorcery
Colin Donnell Lpsg
Teenbeautyfitness
Weekly Math Review Q4 3
Facebook Marketplace Marrero La
Nobodyhome.tv Reddit
Topos De Bolos Engraçados
Gregory (Five Nights at Freddy's)
Grand Valley State University Library Hours
Holzer Athena Portal
Hampton In And Suites Near Me
Stoughton Commuter Rail Schedule
Bedbathandbeyond Flemington Nj
Free Carnival-themed Google Slides & PowerPoint templates
Otter Bustr
San Pedro Sula To Miami Google Flights
Selly Medaline
Latest Posts
12 Tools to Reduce Income and Wealth Inequality | Wicked7 Project
If You Like Chipotle and Its Stock Split, Then You'll Love These 2 Dividend Stocks | The Motley Fool
Article information

Author: Kimberely Baumbach CPA

Last Updated:

Views: 6596

Rating: 4 / 5 (41 voted)

Reviews: 88% of readers found this page helpful

Author information

Name: Kimberely Baumbach CPA

Birthday: 1996-01-14

Address: 8381 Boyce Course, Imeldachester, ND 74681

Phone: +3571286597580

Job: Product Banking Analyst

Hobby: Cosplaying, Inline skating, Amateur radio, Baton twirling, Mountaineering, Flying, Archery

Introduction: My name is Kimberely Baumbach CPA, I am a gorgeous, bright, charming, encouraging, zealous, lively, good person who loves writing and wants to share my knowledge and understanding with you.