IAM — Glossary

Identity and Access Management

A framework of policies and technologies that ensures the right individuals have appropriate access to technology resources, encompassing authentication, authorization, and identity lifecycle management.


What Is IAM?

Identity and Access Management (IAM) is the security discipline responsible for managing digital identities and controlling what resources each identity can access. IAM answers three fundamental questions:

  1. Who are you? (Authentication)
  2. What can you do? (Authorization)
  3. What did you do? (Audit)

Core IAM Capabilities

  • Single Sign-On (SSO): One login for all applications, reducing password fatigue
  • Multi-Factor Authentication (MFA): Verify identity with multiple factors (knowledge, possession, biometrics)
  • Directory Services: Centralized identity store (Active Directory, LDAP, cloud directory)
  • Provisioning/Deprovisioning: Automate account creation and removal across systems
  • Role-Based Access Control (RBAC): Assign permissions based on job function
  • Adaptive Authentication: Adjust authentication requirements based on risk signals
  • Federation: Trust relationships between identity providers for cross-organization access
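The three questions above (authentication, authorization, audit) and the RBAC and provisioning/deprovisioning capabilities in this list can be seen together in a small self-contained model. The following is an added example written for this page, not code from any IAM product; the role names, permission strings and the "alice" account are constructed for illustration, and passwords are stored as salted PBKDF2 hashes with constant-time comparison so that the authentication step is realistic rather than a string compare.

```python
"""Minimal identity store: authenticate (who are you?), authorize via RBAC
(what can you do?), and record every decision in an audit log (what did you do?)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# RBAC: permissions hang off job-function roles, never off individual people.
# Role and permission names are constructed for this example.
ROLE_PERMISSIONS = {
    "viewer": {"report:read"},
    "analyst": {"report:read", "report:export"},
    "admin": {"report:read", "report:export", "user:manage"},
}


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the store never keeps plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    username: str
    salt: bytes
    password_hash: bytes
    roles: set
    active: bool = True  # deprovisioning flips this instead of deleting history


@dataclass
class IdentityStore:
    accounts: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)

    def provision(self, username: str, password: str, roles) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(username, salt, _hash(password, salt), set(roles))
        self.audit_log.append(("provision", username, sorted(roles)))

    def deprovision(self, username: str) -> None:
        # Disable rather than delete so the audit trail keeps pointing at a real identity.
        self.accounts[username].active = False
        self.audit_log.append(("deprovision", username))

    def authenticate(self, username: str, password: str) -> bool:
        acct = self.accounts.get(username)
        # Hash even for unknown users so response time does not reveal which usernames exist.
        salt = acct.salt if acct else b"\x00" * 16
        expected = acct.password_hash if acct else _hash("", salt)
        ok = hmac.compare_digest(_hash(password, salt), expected) and acct is not None and acct.active
        self.audit_log.append(("authn", username, "success" if ok else "failure"))
        return ok

    def authorize(self, username: str, permission: str) -> bool:
        acct = self.accounts.get(username)
        allowed = bool(
            acct and acct.active
            and any(permission in ROLE_PERMISSIONS.get(r, set()) for r in acct.roles)
        )
        # Every authorization decision, allow or deny, is auditable.
        self.audit_log.append(("authz", username, permission, "allow" if allowed else "deny"))
        return allowed


def run_demo() -> dict:
    """Walk one constructed account through its lifecycle and return the decisions."""
    store = IdentityStore()
    store.provision("alice", "correct horse battery staple", ["analyst"])  # constructed sample
    results = {
        "good_login": store.authenticate("alice", "correct horse battery staple"),
        "bad_login": store.authenticate("alice", "wrong"),
        "unknown_user": store.authenticate("mallory", "anything"),
        "can_export": store.authorize("alice", "report:export"),      # analyst role grants it
        "can_manage_users": store.authorize("alice", "user:manage"),  # admin-only
    }
    store.deprovision("alice")
    results["login_after_deprovision"] = store.authenticate("alice", "correct horse battery staple")
    results["export_after_deprovision"] = store.authorize("alice", "report:export")
    results["audit_events"] = len(store.audit_log)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of the deprovision step is that a correct password is no longer enough once the lifecycle flag is off: authentication and authorization both consult `active`, so removing access does not depend on remembering to revoke every permission separately.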

IAM vs. PAM vs. IGA

| Discipline | Focus | Example |
|---|---|---|
| IAM | All user authentication and access | SSO into Salesforce |
| PAM | Privileged/admin access | Admin SSH to production server |
| IGA | Access governance and certification | Quarterly access review campaigns |

These disciplines are complementary — most organizations need all three.

Cloud IAM Considerations

Modern IAM must handle:

  • Workforce identity — Employees and contractors accessing corporate apps
  • Customer identity (CIAM) — End users logging into customer-facing applications
  • Machine identity — Service accounts, API keys, workload identities
  • Multi-cloud identity — Consistent access across AWS, Azure, and GCP

Evaluating IAM Solutions

Key factors:

  1. Protocol support — SAML 2.0, OIDC, OAuth 2.0, SCIM
  2. MFA options — FIDO2/WebAuthn, push notification, TOTP, SMS
  3. Application catalog — Pre-built integrations with SaaS applications
  4. Developer experience — APIs, SDKs, and customization capabilities
  5. Scalability — Authentication throughput for your user base
  6. Passwordless support — Passkeys, biometric, certificate-based authentication

Leading IAM Vendors

Major IAM providers include Okta, Microsoft Entra ID, Ping Identity, Auth0, ForgeRock, OneLogin, JumpCloud, and Duo Security.
