Authentication, Authorization, and Accounting (AAA)
Security+ 🏆 • Authentication & Authorization 🔐
Definition
AAA is a security framework that verifies identity (authentication), enforces what an identity can do (authorization), and records what it did (accounting) so access is controlled and auditable.
Examples
- An employee signs in with MFA (authentication), is granted read-only access to a database (authorization), and all queries are logged to the SIEM (accounting).
- A campus Wi-Fi network uses 802.1X with RADIUS to check user credentials, place devices into the correct VLAN, and record session start/stop and usage.
Discover 🔎
AAA is the backbone of controlled access. Authentication proves who or what is requesting access. Authorization decides which resources and actions are allowed. Accounting captures logs and metrics (who, what, when, where) for compliance, billing, and investigations. Together, AAA reduces unnecessary trust and creates traceability across networks, apps, and services.