Identity and Access Management (IAM)

Security+ 🏆 • Authentication & Authorization 🔐 • Security Operations 🛡️ • Difficulty: free

Definition

Identity and Access Management is the set of people, processes, and technologies used to manage digital identities and control access to systems and data. IAM ensures the right users have the right access at the right time, and that access can be verified, audited, and revoked.

Examples

A company uses single sign-on with multi-factor authentication so employees can access business apps securely with one identity.
An organization runs quarterly access reviews to remove permissions users no longer need after role changes.

Discover 🔎

Most security decisions eventually come down to identity. Who is making this request, and should they be allowed to do it. IAM is how organizations answer those questions at scale. It covers how accounts are created, how users prove who they are, what they are allowed to access, and how that access is monitored and removed when no longer needed.

Remember: IAM is not just login. It includes the full lifecycle of access, from onboarding to offboarding.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.