Identity and Access Management
A framework of policies and technologies that ensures the right individuals have appropriate access to technology resources, encompassing authentication, authorization, and identity lifecycle management.
What Is IAM?
Identity and Access Management (IAM) is the security discipline responsible for managing digital identities and controlling what resources each identity can access. IAM answers three fundamental questions:
- Who are you? (Authentication)
- What can you do? (Authorization)
- What did you do? (Audit)
Core IAM Capabilities
- Single Sign-On (SSO): One login for all applications, reducing password fatigue
- Multi-Factor Authentication (MFA): Verify identity with multiple factors (knowledge, possession, biometrics)
- Directory Services: Centralized identity store (Active Directory, LDAP, cloud directory)
- Provisioning/Deprovisioning: Automate account creation and removal across systems
- Role-Based Access Control (RBAC): Assign permissions based on job function
- Adaptive Authentication: Adjust authentication requirements based on risk signals
- Federation: Trust relationships between identity providers for cross-organization access
IAM vs. PAM vs. IGA
| Discipline | Focus | Example |
|---|---|---|
| IAM | All user authentication and access | SSO into Salesforce |
| PAM | Privileged/admin access | Admin SSH to production server |
| IGA | Access governance and certification | Quarterly access review campaigns |
These disciplines are complementary — most organizations need all three.
Cloud IAM Considerations
Modern IAM must handle:
- Workforce identity — Employees and contractors accessing corporate apps
- Customer identity (CIAM) — End users logging into customer-facing applications
- Machine identity — Service accounts, API keys, workload identities
- Multi-cloud identity — Consistent access across AWS, Azure, and GCP
Evaluating IAM Solutions
Key factors:
- Protocol support — SAML 2.0, OIDC, OAuth 2.0, SCIM
- MFA options — FIDO2/WebAuthn, push notification, TOTP, SMS
- Application catalog — Pre-built integrations with SaaS applications
- Developer experience — APIs, SDKs, and customization capabilities
- Scalability — Authentication throughput for your user base
- Passwordless support — Passkeys, biometric, certificate-based authentication
Leading IAM Vendors
Major IAM providers include Okta, Microsoft Entra ID, Ping Identity, Auth0, ForgeRock, OneLogin, JumpCloud, and Duo Security.
Related Resources
Products
Okta Workforce Identity
Market-leading cloud IAM with the broadest integration catalog
Microsoft Entra ID
Microsoft's cloud IAM, bundled with M365 and Azure
Ping Identity
Enterprise-grade IAM with hybrid deployment and strong federation
Auth0
Developer-first CIAM with best-in-class SDKs and docs
ForgeRock
Enterprise identity platform with AI-driven orchestration for complex deployments
OneLogin
Mid-market cloud IAM at a lower price point than Okta
JumpCloud
All-in-one directory, SSO, and device management for SMBs
Duo Security
Cisco's MFA and zero trust access platform known for ease of deployment
Keycloak
The leading open-source IAM platform, backed by Red Hat