IAM unifies how people and services prove who they are and what they can do.
Building blocks
- Central directory of users, groups, and service principals.
- Authentication flows such as single sign-on (SSO) and multi-factor authentication (MFA).
- Authorization policies enforced through roles, attributes, or context.
- Audit trails and attestation workflows for compliance.
Maturity cues
- Automated provisioning and deprovisioning linked to HR events.
- Periodic access reviews with approval trails.
- Fine-grained policies that adapt to device health and location.