IAM Terms from A to Z
An active connection or access to an application, a system, a network (such as the internet) or an online service, including the respective authorizations.
This term refers to the processes, policies, and technologies that ensure an organization’s access controls are appropriate and aligned with its business objectives. The goal is, on one hand, to monitor who is allowed to access which resources and, on the other hand, to ensure that access rights are granted, reviewed, and revoked in a controlled, traceable, and auditable manner.
The Main Objectives of Access Governance:
Security: Protecting sensitive data and systems from unauthorized access
Compliance: Adhering to legal, industry-specific, and internal regulations
Efficiency: Automating user access management and review processes to reduce manual effort
Transparency: Providing a clear and traceable overview of existing permissions and their changes over time
Subset of IAM that focuses specifically on controlling user access to systems, applications and resources after their identities have been established. Access management ensures secure, efficient and appropriate use of resources by applying policies that determine who can access what and under what circumstances. It focuses on:
Authentication management: Implementation of methods for verifying user identities, such as Single Sign-On (SSO), Multi-Factor Authentication (MFA) or password policies
Authorization management: Definition and enforcement of rules to control which systems users can access and what actions they can perform based on their identity, role or attributes
Session management: Managing user sessions to ensure that access is revoked when it is no longer needed or when policies require it, e.g. session timeouts or activity-based restrictions
Access control: Real-time decisions to grant or deny access based on established policies, user attributes and current context (e.g. time, location and device)
An account controls technical access to an application, system or network. It usually consists of a user name and a credential, typically a password, that the user must present to log in.
An account is not the same as a user: While the user represents a unique identity in the system, a user can have multiple accounts – for example, to access different systems or perform different roles and permissions. The accounts can each represent different access levels or rights.
A company’s abstract “surface” that can be a target for attackers. Bugs, security gaps and weak policies can increase the risk of a breach. The goal of strong identity access management is to limit the target area and reduce the overall risk through security procedures such as automated user provisioning and deprovisioning, as well as regular recertification of access rights.
The process of determining whether an entity one is communicating with is in fact who it claims to be. In other words, the process of verifying a user’s identity.
Process of determining whether a user has the right to access a service or perform an action.
Business objects in the context of Identity & Access Management are central structural or functional entities that are used within an IAM system. They affect the assignment of permissions and can be used for automation purposes. The most important business objects include users, identities, organizational units, applications, roles, groups, and accounts.
Compliance refers to the ability of the IAM system to support an organization in complying with relevant regulations, standards and internal policies that cover data protection, security and user access management.
In the context of IAM, compliance ensures that the organization manages identities and access in a way that meets legal, regulatory and security requirements. Regulations, guidelines and standards that IAM systems support with regard to compliance are:
GDPR (also DSGVO)
HIPAA (Health Insurance Portability and Accountability Act)
SOX (Sarbanes-Oxley Act)
NIS2 (Network and Information Security Directive)
DORA (Digital Operational Resilience Act)
GMP (Good Manufacturing Practice)
TISAX (Trusted Information Security Assessment Exchange)
KRITIS (Critical Infrastructure) and others
In contrast to IAM (also known as WIAM – Workforce Identity and Access Management), which aims to manage internal identities within an organization, CIAM (Customer Identity and Access Management) focuses on the following features:
Customer registration
Social login and single sign-on (SSO), e.g., logging in with Google, Facebook, or Apple
Consent management and data protection, e.g., GDPR-compliant data sharing
Adaptive authentication
Fraud and anomaly detection
A component within an IAM software for interacting with the target systems. Connectors are essential for provisioning, deprovisioning and managing various resources.
Key Functionalities of a Connector:
Integration of external systems: A connector acts as a link between the IAM system and external applications such as SaaS applications, databases and on-premise systems. It enables the IAM system to communicate with these systems and manage identities within them.
User provisioning and deprovisioning: When a user is added, modified, or removed in the IAM system, the connector automatically creates, updates, or deletes the user account in the connected system. This may include email systems, data management tools, process software, or cloud services.
Synchronization of identity data: A connector enables the synchronization of user attributes (e.g. usernames, roles and permissions) between the IAM system and other identity repositories such as Active Directory (AD) or LDAP. This ensures data consistency.
Authentication and authorization: In some cases, connectors are used to delegate authentication and authorization to external identity providers, for example, to facilitate Single Sign-On (SSO) or to enable connectivity between different systems.
Access control and compliance: Connectors enable the IAM system to enforce access control policies by managing authorizations in connected systems. This ensures that users have the right level of access based on roles and policies defined in Garancy.
Here you will find an overview of the connectors available in Garancy.
The process of revoking access rights and permissions to systems, applications and data that a user no longer needs. This usually occurs when an employee leaves the company, changes departments or roles, or no longer requires access to certain resources. This process can be triggered either manually when needed or it can be planned in advance with automated execution. This is one of the core functions of Garancy.
DORA is an EU regulation that aims to ensure the operational resilience of financial institutions. In the area of IAM, it emphasizes secure access controls, incident response mechanisms and, above all, logging to protect critical financial services from cyber threats. Robust IAM practices help organizations comply with DORA requirements by enforcing access restrictions, recertification of access rights and risk assessments.
Data Access Governance (DAG) is centered on managing and securing access rights to unstructured data, such as documents, spreadsheets, presentations, and emails, to safeguard sensitive information. DAG complements document management tools (DMS), file servers, and SharePoint portals, while addressing the dynamic nature of data sharing and mitigating the risks of data leakage.
Entra ID, formerly known as Azure Active Directory (Azure AD), is Microsoft’s cloud-based identity and access service for managing users, groups, devices and application access. It is not the same as the on-premises Active Directory Domain Services, although the two are frequently synchronized. It provides centralized authentication, authorization and access control, enabling administrators to enforce policies, assign permissions and ensure secure access to resources across the IT environment.
Garancy provides a connector for Entra ID that is continuously maintained and updated.
An identity established through a trust relationship (federation) between two systems. The identity provider (IdP) authenticates the user and issues an assertion of who the user is and which attributes apply; a relying party, such as an IAM service like Garancy, consumes that assertion and decides what access to grant.
A security and governance concept that requires certain actions, decisions or transactions to be approved or even executed by at least two authorized persons. This approach is designed to improve oversight, reduce errors, prevent fraud and ensure compliance by adding an extra layer of verification and accountability.
In the IAM context, the four-eyes principle plays a crucial role in controlling and monitoring access to sensitive systems and data. It ensures that high-risk operations involving user identities and access rights are subject to double verification, thereby increasing security and reducing the probability of unauthorized activity. The four-eyes principle is a fundamental component in strengthening the security and governance of identity and access management systems. By requiring dual approval for critical actions, organizations can:
enhance security by reducing the risk of unauthorized or malicious activities,
ensure compliance with regulatory requirements for monitoring and accountability and
promote transparency by fostering a culture of accountability and due diligence.
Implementing the dual control principle in IAM processes helps organizations secure their assets, protect sensitive information and maintain stakeholder trust by ensuring that access to critical resources is appropriately controlled and monitored.
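The dual-control check described above, as an added example (not Garancy code): an access request collects approvals, the requester can never approve their own request, the same person cannot count twice, and only people in a hypothetical approver list may sign off. Names, the approver set and the entitlement string are constructed sample data.

```python
"""Four-eyes (dual control) approval for an access request.

Added example, not Garancy code. Assumes an in-memory model in which a
request becomes effective only after `required` distinct, authorised
approvers have signed off, and the requester may never approve their own
request. Every decision, including rejected attempts, is written to an
audit log so the control itself is traceable.
"""
from dataclasses import dataclass, field

# Hypothetical set of people allowed to approve (constructed sample data).
APPROVERS = {"bob", "carol", "dave"}


class ApprovalError(Exception):
    """Raised when an approval would violate the four-eyes rule."""


@dataclass
class AccessRequest:
    requester: str
    entitlement: str
    required: int = 2                              # distinct approvers needed
    approvals: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def approve(self, approver: str) -> bool:
        """Record one approval; return True once the request is effective."""
        if approver not in APPROVERS:
            self._deny(approver, "not an authorised approver")
        if approver == self.requester:
            self._deny(approver, "self-approval is not allowed")
        if approver in self.approvals:
            self._deny(approver, "same person cannot approve twice")
        self.approvals.append(approver)
        self.audit_log.append(f"APPROVE {approver} -> {self.entitlement}")
        return self.is_effective()

    def _deny(self, approver: str, reason: str) -> None:
        self.audit_log.append(f"REJECT {approver}: {reason}")
        raise ApprovalError(reason)

    def is_effective(self) -> bool:
        return len(set(self.approvals)) >= self.required


def demo() -> AccessRequest:
    """Walk a request through a mix of valid and invalid approval attempts."""
    req = AccessRequest(requester="bob", entitlement="SAP:FI_POSTING")
    for person in ("bob", "carol", "carol", "eve", "dave"):
        try:
            req.approve(person)
        except ApprovalError:
            pass                                   # rejection is already logged
    return req


if __name__ == "__main__":
    r = demo()
    print("effective:", r.is_effective())
    print("\n".join(r.audit_log))
```

In the demo, bob’s self-approval, carol’s second approval and eve’s attempt are rejected; carol and dave together make the request effective. A real workflow would additionally require the approvers to hold an approver role in the IAM system rather than a hard-coded set.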
Refers to the framework of rules, policies, processes and practices that guide how an organization operates and achieves its objectives in a structured and accountable manner. It encompasses decision-making, resource management, compliance and risk management to ensure transparency, efficiency and alignment with organizational goals and external regulations.
Identity Access Management (IAM) is a critical component of governance as it enforces policies and controls to ensure that users have appropriate access to resources based on their roles and responsibilities. IAM also supports governance by providing visibility, auditability and compliance, helping organizations manage risk and align with regulatory requirements.
HIPAA is a U.S. federal law for protecting sensitive health information. IAM plays a critical role in HIPAA compliance by enforcing a strict Need-to-Know principle for health data through role-based access control (RBAC). This ensures that only authorized personnel can access patient data. An IAM system also provides audit options in the form of audit trails (reports).
An identity is the central digital representation of a natural or technical entity in the IAM system. It provides a consistent reference for management, authentication, and authorization. An identity typically consists of attribute-based information, such as name, department, function, and status, and forms the basis for role and rights assignments throughout the entire lifecycle – from onboarding to role changes and offboarding.
Important: An identity is not necessarily linked to active system use, but primarily serves as an administrative construct. An identity can give rise to multiple users, for example for different systems or roles – especially in non-human scenarios.
Cloud-based identity and access management delivery model. Identity as a Service (IDaaS) provides IAM functions as a subscription-based, on-demand service hosted and managed by a third-party vendor, rather than being implemented and maintained on-premises by the organization.
Both IAM and IDaaS play a central role in securing corporate resources by managing identities and access rights. The decision between the two models depends on factors such as the specific requirements of the company, compliance aspects, available resources and the strategic orientation towards the cloud.
Identity Governance and Administration is a key component within the field of Identity Access Management. IGA focuses on the administration and control of digital identities and access rights within an organization, while ensuring compliance with legal and security requirements.
IGA focuses on the areas of compliance, audits, automation, and governance.
The core functions of IGA include access reviews, role management, and segregation of duties (SoD).
Identity management – often also referred to as identity and access management or just IAM – involves the administration and control of digital identities of users and devices within an organization. The aim is to ensure that the right people have access to the right resources at the right time and for the right reasons.
An Identity Provider (IdP) is a system or service for managing user identities and providing authentication information. The IdP confirms who a user is by checking login information such as a username and password or certificates. After successful authentication, the IdP issues proof of identity, which is then passed on to other services or applications.
The relationship between an Identity Provider (IdP) and an IAM system is complementary, with the IdP acting as a key component within the broader IAM ecosystem.
IdP within IAM: The IdP is often a core service of an IAM system, handling authentication while the IAM platform manages access control, identity governance and provisioning.
Seamless user experience: The IdP enables features like Single Sign-On (SSO) and federated identity management, allowing IAM systems to provide secure, streamlined access across multiple applications.
Security and compliance: IAM systems rely on the IdP for robust authentication mechanisms to ensure secure access and meet regulatory requirements.
In short, the IdP verifies “who you are,” and the IAM system determines “what you can do.”
Joiner, Mover, Leaver (JML) are terms used to describe common employee processes that typically originate in HR systems. For an IAM system, these standard business processes result in adjustments to employee permissions.
IAM systems enable either fully automated or partially automated processes with additional approval workflows. These workflows can be used to provide information about the changes or as a supplement to grant or revoke additional permissions.
Garancy also supports fully and partially automated Joiner, Mover, and Leaver processes.
Joiner (new hire): When a new internal or external employee joins the company, Garancy ensures that they are granted the appropriate access rights according to their role.
Mover (transfer): If a user changes their role or area of responsibility (e.g. change of department or participation in a specific project), the IAM system adapts their access to the new tasks and ensures that they have neither too many nor too few access rights.
Leaver (exit): When a person leaves the company, the system ensures that access rights are immediately revoked to prevent unauthorized access after leaving.
A video on how you can easily manage the employee lifecycle with Garancy can be found here.
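The three JML steps as one worked example (added here; not Garancy code). It assumes a hypothetical role model in which each department maps to one business role and that role to a set of entitlements in target systems; all names are constructed sample data. The point of the mover case is that the target state is recomputed rather than only extended, which is what prevents rights from piling up across department changes (the accumulation described under privilege creep later on this page).

```python
"""Joiner / Mover / Leaver processing against a role model.

Added example, not Garancy code. ROLE_MODEL and the entitlement names are
constructed sample data. plan_changes() computes the delta between what
the identity holds and what its target state should be; apply_event()
provisions that delta. naive_mover() shows the anti-pattern that only
adds rights and therefore causes privilege creep.
"""
from dataclasses import dataclass, field
from typing import Optional

ROLE_MODEL = {
    "finance":    {"SAP:FI_DISPLAY", "SAP:FI_POSTING", "AD:G-Finance"},
    "sales":      {"CRM:ACCOUNTS_RW", "AD:G-Sales"},
    "it-support": {"AD:G-Helpdesk", "TICKETS:AGENT"},
}


@dataclass
class Identity:
    uid: str
    department: Optional[str] = None
    status: str = "active"
    entitlements: set = field(default_factory=set)


def plan_changes(identity: Identity, event: str, department: Optional[str] = None):
    """Return (grants, revokes) for a JML event without applying them."""
    if event in ("joiner", "mover"):
        target = set(ROLE_MODEL[department])
    elif event == "leaver":
        target = set()                       # leaver: nothing may remain
    else:
        raise ValueError(f"unknown event {event!r}")
    grants = target - identity.entitlements
    revokes = identity.entitlements - target
    return grants, revokes


def apply_event(identity: Identity, event: str, department: Optional[str] = None):
    """Provision the planned changes and update the identity's master data."""
    grants, revokes = plan_changes(identity, event, department)
    identity.entitlements |= grants
    identity.entitlements -= revokes
    if event == "leaver":
        identity.status = "disabled"
        identity.department = None
    else:
        identity.department = department
    return grants, revokes


def naive_mover(identity: Identity, department: str) -> set:
    """Anti-pattern: only add the new department's rights, never revoke."""
    identity.entitlements |= ROLE_MODEL[department]
    identity.department = department
    return identity.entitlements


if __name__ == "__main__":
    alice = Identity("alice")
    print("joiner:", apply_event(alice, "joiner", "finance"))
    print("mover: ", apply_event(alice, "mover", "sales"))
    print("leaver:", apply_event(alice, "leaver"))
    print("final: ", alice)
```

Splitting planning from application is deliberate: the planned grants and revokes are what an approval workflow (for partially automated JML) would show to the approver before anything is written to the target systems.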
Lift & Shift is a cloud migration strategy in which existing applications or workloads are moved directly to a cloud environment without major changes. This process is often referred to as “rehosting”.
The architecture of the application remains largely untouched, simply being transferred from an on-premise environment (local data center) to the cloud.
Multi-factor authentication (MFA) is a security measure that requires users to provide two or more proofs of identity before they can access resources (e.g. applications, online accounts or VPNs). Unlike traditional methods that only require a username and password, MFA requests additional verification factors, which increases security and reduces the risk of cyber attacks.
Manual provisioning is the process of creating, configuring, and managing user accounts, permissions or IT resources without automation. An IT administrator or other responsible person performs all necessary steps manually.
This process is often used for systems that cannot be connected or for legacy applications that only a few users still have access to. As it is done manually, it is prone to errors and poses security risks.
Garancy optimizes manual provisioning by generating tasks for the responsible persons. These can be processed in various ways, e.g. by email or workflow.
Garancy provides overviews of all manual tasks, thereby reducing the likelihood of errors. At the same time, the IAM tool documents the entire process and ensures that the IAM system is always up to date as a central source of information (“single point of truth”).
MaRisk is a German regulatory framework issued by the German Federal Financial Supervisory Authority (BaFin). It outlines minimum requirements for risk management practices that financial institutions and banks in Germany must follow to ensure solid and effective internal governance.
Most key aspects of MaRisk are covered by an IAM system like Garancy.
Risk management framework: MaRisk requires institutions to establish a comprehensive risk management system to identify, assess, monitor and mitigate risks. It covers various risk types, including credit, market, operational and liquidity risks. An IAM system with strong SoD capabilities supports this framework.
Internal governance: MaRisk fosters an appropriate organizational structure, clear responsibilities and effective communication channels. This underscores the importance of a risk-conscious corporate culture and strong internal control systems.
Documentation and reporting: Requirements are also set for transparent documentation of risk management processes. Institutions must regularly report on risks and controls to management and supervisory authorities. Detailed, controllable reporting functions within the IAM system enable companies to provide such information.
IT risk and security: MaRisk includes guidelines for managing IT-related risks, ensuring cybersecurity and adapting to regulatory requirements related to technology and operations. Enforcing a Need-to-Know principle through the IAM system significantly increases IT security.
Compliance and audits: MaRisk requires regular internal and external audits to verify compliance with the prescribed standards. This ensures that companies meet their legal and regulatory obligations. With an IAM solution like Garancy, organizations are always able to provide information about the current state of access rights within the company.
The Need-to-Know Principle and IAM are closely related concepts that ensure sensitive information and resources are only accessible to those who need them to perform their tasks.
It is a security concept designed to ensure that individuals only have access to data, systems, resources or information that they need to perform their tasks. This minimizes the risk of unauthorized access, insider threats and disclosure of confidential information.
The EU Network and Information Security (NIS) Directive, adopted in 2016 and to be transposed into national law by May 2018, establishes a legal framework for strengthening the cybersecurity of critical infrastructure operators (KRITIS in German usage), such as energy, transport and healthcare, as well as certain digital service providers. In terms of IAM, compliance with the NIS1 Directive involves securing user identities, preventing unauthorized access to critical systems, and ensuring traceability through audit trails.
The NIS2 Directive, adopted in November 2022, replaces the first NIS Directive and had to be transposed into national law by the member states by October 2024. It extends the scope to more sectors and introduces stricter cybersecurity risk-management requirements, including explicit obligations for access control policies and multi-factor or continuous authentication. In practice these obligations push organizations toward Zero Trust architectures, Privileged Access Management (PAM) and other control mechanisms to protect against advanced cyber threats.
Refers to software, hardware, or IT infrastructure that is hosted and managed locally — within an organization’s own facilities — rather than in a cloud environment. This type of setup puts the organization in complete control of its systems, data and security, but requires resources for maintenance and support.
An IAM tool plays a crucial role in identifying and managing orphaned accounts, which are user accounts that remain active but are no longer associated with a valid user, e.g. after an employee leaves the organization.
Garancy helps detect and mitigate these accounts by automating deprovisioning processes, enforcing role-based access controls and providing audit capabilities to ensure that all accounts are tied to legitimate, active identities. This reduces security risks and improves compliance. As soon as a person leaves the company, all associated accounts are deactivated.
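The detection side of this, as an added example (not Garancy code): a reconciliation of an account export from two target systems against the identity source. The identity list, the accounts and the cut-off date are constructed sample data; the classification rules (no owner, unknown owner, owner left, owner past end date) are the assumptions the example makes about what "orphaned" means.

```python
"""Orphaned-account detection by reconciling target-system accounts
against the identity source.

Added example, not Garancy code. IDENTITIES (as an HR feed would deliver
it) and ACCOUNTS (an export from two target systems) are constructed
sample data. An account is orphaned when it has no owner, an owner the
identity source does not know, or an owner who is no longer active;
enabled orphans are the ones that need immediate action.
"""
from datetime import date

IDENTITIES = {
    "i1001": {"name": "A. Adams", "status": "active", "end_date": None},
    "i1002": {"name": "B. Brown", "status": "left",   "end_date": "2024-03-31"},
    "i1003": {"name": "C. Clark", "status": "active", "end_date": "2024-01-15"},
}

ACCOUNTS = [
    {"system": "AD",  "account": "aadams",     "owner": "i1001", "enabled": True},
    {"system": "AD",  "account": "bbrown",     "owner": "i1002", "enabled": True},
    {"system": "SAP", "account": "BBROWN",     "owner": "i1002", "enabled": False},
    {"system": "SAP", "account": "TEMP_PRJ",   "owner": None,    "enabled": True},
    {"system": "AD",  "account": "svc_backup", "owner": "i9999", "enabled": True},
    {"system": "AD",  "account": "cclark",     "owner": "i1003", "enabled": True},
]


def owner_state(owner_id, identities, today):
    """Classify the owner reference of one account."""
    if owner_id is None:
        return "no-owner"
    ident = identities.get(owner_id)
    if ident is None:
        return "unknown-owner"              # e.g. HR record deleted or never linked
    if ident["status"] != "active":
        return "owner-left"
    end = ident.get("end_date")
    if end and date.fromisoformat(end) < today:
        return "owner-expired"              # end date passed, HR status not yet updated
    return "ok"


def find_orphans(accounts, identities, today):
    """Return findings with enabled orphans first (they need disabling now)."""
    findings = []
    for acc in accounts:
        state = owner_state(acc["owner"], identities, today)
        if state == "ok":
            continue
        action = "disable-now" if acc["enabled"] else "clean-up"
        findings.append({"system": acc["system"], "account": acc["account"],
                         "reason": state, "action": action})
    return sorted(findings, key=lambda f: f["action"] != "disable-now")


if __name__ == "__main__":
    for f in find_orphans(ACCOUNTS, IDENTITIES, date(2024, 6, 1)):
        print(f"{f['action']:12} {f['system']:4} {f['account']:12} {f['reason']}")
```

Running this on a schedule (or on every HR feed import) catches the cases that a leaver workflow alone misses: accounts created outside the IAM system, service accounts registered to an owner who has since left, and HR records whose end date has passed before the status change arrived.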
Accumulation of access rights by individual users, commonly called privilege creep, e.g. due to a change of department or position within the company. This is also referred to as the “apprentice effect” or the “intern phenomenon”: the employee passes through a variety of departments within the company and is assigned rights to carry out tasks within these departments. As these rights are not withdrawn when the employee has completed the assignment, an accumulation of rights occurs. This is associated with significant risks in day-to-day operations. This phenomenon is particularly common among trainees and apprentices.
The Principle of Least Privilege (PoLP) is essential to IAM because it limits user and system access to the minimum required in order to perform work tasks. This increases security by minimizing the attack surface, preventing privilege abuse, and ensuring that organizations comply with access control and data privacy regulations. PoLP is a core component of Garancy, which enables strict access controls and protects critical systems and sensitive data.
Minimal access: PoLP ensures that users or systems have the lowest level of access or permission possible to perform their tasks. For example, if a user just needs view-only access to a database, they should not be given writing or administrative rights.
Enhanced security: By restricting access rights, PoLP reduces the risk of unauthorized activities, accidental errors or malicious actions. If a user’s account is compromised, the attacker has limited access, which mitigates the potential damage.
User roles and permissions: In IAM, PoLP is enforced through mechanisms such as Role-Based Access Control (RBAC). Each user is assigned one or more roles with permissions that match their job responsibilities. These roles are designed to grant only the least privileges necessary.
Prevention of rights accumulation: PoLP prevents accumulation of more rights than necessary. Users or applications are not granted extensive access rights that could lead to privilege misuse or privilege exploitation, such as unauthorized access to sensitive data or critical systems.
Periodic review: Garancy enforces PoLP by continuously reviewing user entitlements and, most importantly, requiring regular access reviews to prevent users from accumulating unnecessary privileges over time.
Governance: PoLP is of critical importance for regulatory compliance (GDPR, HIPAA and many more), as it ensures that sensitive data is only accessible to authorized users, reducing the chances of data breaches and helping to meet governance requirements.
Privileged account management (PAM) is a subfield of IAM that focuses specifically on the security and management of privileged accounts. These are accounts with higher-level authorizations for accessing critical systems, sensitive data or administrative functions. They include, for example, system administrators, network engineers or database administrators.
While identity and access management (IAM) addresses the general management of user identities and access rights for an entire organization, PAM focuses specifically on one area: securing privileged accounts with higher levels of authority that require rigorous control.
Together, IAM and PAM provide a comprehensive framework for securing identities, managing access and protecting critical company resources. By integrating IAM and PAM, organizations can ensure that all users have the right access rights, while adding an extra layer of protection to privileged accounts to prevent potential breaches or misuse.
Provisioning in IAM refers to the automated assignment of required access rights in connected target systems. Provisioning is triggered by every change made in the IAM system and is therefore implemented automatically and in real time.
This ensures that users – including internal and external employees, contractors and partners – have the correct access rights to systems, applications and resources within an organization to perform their tasks.
The feeling of frustration, stress or mental exhaustion caused by the overwhelming number of passwords that users have to remember and manage for various services. Password fatigue can cause users to resort to unsafe practices, such as reusing passwords or using easy-to-guess passwords, which in turn can pose a security risk.
Password reset is a classic feature of IAM systems that allows users to manage all their account passwords via the IAM system. With the use of self-service functions, passwords can be reset without involving the helpdesk, for example.
The standard features also include offline password reset. If the user has forgotten their Windows password and cannot log in, Garancy offers the option of resetting the Windows password via security questions.
Recertification, also known as access review or access certification, is the process of regularly reviewing whether user access rights are still appropriate for their current roles and tasks. This is usually mandated by internal policies, industry standards, or legal requirements to ensure that users have the right level of access and that unauthorized or unnecessary access rights are revoked.
The frequency of these recertifications can be defined in Garancy when creating recertification campaigns. This is based, among other things, on regulatory requirements that are geared to the criticality of the respective authorizations. The more sensitive or security-relevant access rights are considered to be, the more frequently they should be reviewed.
In Garancy, recertification is divided into two areas:
Employee recertification to check employee permissions
Role recertification, which checks the role master data and role content, i.e., the permissions it contains
This distinction allows recertification to be tailored to the person responsible and simplifies the recertification process.
In the IAM context, resources are the digital assets, systems, applications, data, services, or other components within an organization’s IT environment that users need to access in order to perform their tasks.
In Garancy, resources are the most granular level of entitlements. The entitlement hierarchy is structured as follows: Role – Group – Resource.
A role is one of the fundamental concepts that represents one or more authorizations and access rights to be assigned to users or entities within a system. Roles are used to simplify and centralize the management of access control by clustering a collection of permissions that are typically needed to perform a certain job function or activity.
The use of roles is a core principle of Role-Based Access Control (RBAC), a widely adopted approach in IAM systems. RBAC ensures that access is granted on the basis of roles defined according to job function, thus enforcing the principle of least privilege. This means that users are provided only with the access rights they need to perform their tasks.
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an organization. RBAC is crucial to Garancy because it provides a systematic way to manage and assign permissions to users, thereby increasing security and operational efficiency.
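An added example (not Garancy code) of how the Role – Group – Resource hierarchy described under Resources resolves into a least-privilege access decision: roles bundle groups, groups carry the granular resources, and an access request is permitted only if the requested (system, object, action) triple is reachable through the user's roles. The role model, group names and resources are constructed sample data.

```python
"""Resolving the Role - Group - Resource entitlement hierarchy and making
a least-privilege access decision.

Added example, not Garancy code. ROLES and GROUPS are constructed sample
data. A resource is written as (system, object, action) so that "read"
and "write" on the same object are distinct entitlements, which is what
lets a view-only role be denied write access.
"""

# Role -> groups (a business role bundles technical groups)
ROLES = {
    "finance-analyst":    {"SAP-FI-DISPLAY", "FS-FINANCE-RO"},
    "finance-controller": {"SAP-FI-DISPLAY", "SAP-FI-POSTING", "FS-FINANCE-RW"},
    "helpdesk":           {"AD-PW-RESET", "TICKETS-AGENT"},
}

# Group -> resources (the most granular level of entitlement)
GROUPS = {
    "SAP-FI-DISPLAY": {("SAP", "FI_LEDGER", "read")},
    "SAP-FI-POSTING": {("SAP", "FI_LEDGER", "write")},
    "FS-FINANCE-RO":  {("FILESERVER", "/finance", "read")},
    "FS-FINANCE-RW":  {("FILESERVER", "/finance", "read"),
                       ("FILESERVER", "/finance", "write")},
    "AD-PW-RESET":    {("AD", "user-objects", "reset-password")},
    "TICKETS-AGENT":  {("TICKETS", "queue", "read"), ("TICKETS", "queue", "write")},
}


def effective_resources(user_roles) -> set:
    """Flatten a user's roles through their groups to the set of resources."""
    resources = set()
    for role in user_roles:
        for group in ROLES[role]:
            resources |= GROUPS[group]
    return resources


def is_permitted(user_roles, system: str, obj: str, action: str) -> bool:
    """Default deny: permitted only if the exact triple is granted."""
    return (system, obj, action) in effective_resources(user_roles)


def explain(user_roles, system: str, obj: str, action: str) -> list:
    """Return every (role, group) chain that grants the triple, for audit trails.

    An empty list means the request is denied and nothing in the role model
    would justify granting it.
    """
    chain = []
    for role in user_roles:
        for group in ROLES[role]:
            if (system, obj, action) in GROUPS[group]:
                chain.append((role, group))
    return chain


if __name__ == "__main__":
    analyst = ["finance-analyst"]
    print("analyst read ledger: ", is_permitted(analyst, "SAP", "FI_LEDGER", "read"))
    print("analyst write ledger:", is_permitted(analyst, "SAP", "FI_LEDGER", "write"))
    print("controller write via:", explain(["finance-controller"], "SAP", "FI_LEDGER", "write"))
```

The explain() function is the part an auditor cares about: for every permitted access it names the business role and technical group that justify it, which is exactly what a recertification campaign asks the responsible manager to confirm or revoke.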
In contrast to the user lifecycle, which focuses on users and their rights, the role lifecycle refers to the management of roles and the rights assigned to them.
A key element is the role model, which forms the logic behind structured rights assignment. A distinction is typically made between application roles, which refer to technical permissions in individual systems, and business roles, which act as higher-level bundles of several application roles and are usually defined on the basis of organizational functions. The resulting role hierarchy enables a transparent, reusable, and auditable structure of access rights.
The Main Functions of the Role Lifecycle:
Creation: Garancy helps to define and create roles based on organizational structures, job functions and access requirements.
Modification: As business needs change, Garancy supports role updates, adjustments or the addition of new permissions.
Review and certification: Regular role audits ensure that roles continue to comply with corporate policies and regulatory requirements.
Withdrawal: A role is automatically decommissioned when it is no longer needed. This prevents the accumulation of excessive or obsolete permissions.
An architectural style that uses standard HTTP methods (e.g. GET, POST) and supports lightweight data formats like JSON. It is widely adopted for its simplicity, scalability and flexibility, particularly in modern web and mobile applications.
Single Sign-On (SSO) is an authentication method that allows users to access multiple applications, systems, or services with a single set of login credentials (e.g., username and password). By centralizing authentication, SSO simplifies the user experience and reduces the need to remember multiple passwords while improving security by enabling centralized control over user access.
SSO is often paired with Multi-Factor Authentication (MFA) to enhance security. While SSO minimizes password fatigue by requiring only one set of credentials, MFA adds an additional security layer by requiring multiple forms of verification, such as a one-time password (OTP) or hardware token.
This combination ensures that even if SSO credentials are compromised, unauthorized access is still mitigated through the second authentication factor. Together, SSO and MFA provide both convenience and strong security.
Segregation of duties (SoD) is a central principle in Identity and Access Management and an essential component of an internal control system (ICS). It is also a regulatory requirement designed to minimize risks such as fraud, errors, or abuse of power by consistently distributing critical tasks across multiple individuals or departments.
In practice, this means that, for example, someone who approves access cannot also grant or execute it themselves. This clear separation of responsibilities significantly reduces the risk of conflicts of interest or unauthorized activities.
Challenges arise primarily in smaller companies where human resources are limited and strict Segregation of Duties is difficult to implement. In such cases, exceptions are permitted. However, these must be documented, traceable, and transparent. That is why powerful reporting also plays a crucial role in the SoD context.
Garancy offers clear advantages here: The solution uses SoD classes, which enable simple, structured, and clear configuration of SoD rules. This facilitates the definition, verification, and enforcement of the separation of critical tasks – even in complex system landscapes.
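An added example (not Garancy's SoD-class implementation) of the idea behind SoD classes: entitlements are tagged with a class, a rule names two classes that one person must not hold together, and exceptions are only honoured when they carry an approver and have not expired. Entitlement names, rule identifiers and the exception record are constructed sample data.

```python
"""Segregation-of-duties check using SoD classes, with documented exceptions.

Added example, not Garancy code. SOD_CLASS, SOD_RULES and EXCEPTIONS are
constructed sample data. A conflict exists when a user's entitlements
cover both classes of a rule; it is reported as "excepted" only if a
documented exception with an approver is still valid on the check date,
otherwise as "violation".
"""
from datetime import date

# Entitlement -> SoD class (None = not SoD-relevant, e.g. read-only access)
SOD_CLASS = {
    "SAP:PO_CREATE":       "purchase-request",
    "SAP:PO_APPROVE":      "purchase-approval",
    "SAP:VENDOR_MAINTAIN": "vendor-master-data",
    "SAP:PAYMENT_RUN":     "payment",
    "SAP:FI_DISPLAY":      None,
}

# Rule id -> pair of classes that must not be held by one person
SOD_RULES = {
    "SOD-01": ("purchase-request", "purchase-approval"),
    "SOD-02": ("vendor-master-data", "payment"),
}

# Documented exceptions, e.g. for a small team: (user, rule) -> record
EXCEPTIONS = {
    ("carol", "SOD-01"): {"approved_by": "cfo", "valid_until": date(2025, 12, 31),
                          "reason": "two-person finance team"},
}


def held_classes(entitlements) -> set:
    """Map a user's entitlements to the SoD classes they cover."""
    return {SOD_CLASS.get(e) for e in entitlements} - {None}


def violations(user: str, entitlements, today: date) -> list:
    """Evaluate every SoD rule for one user; returns a report list."""
    classes = held_classes(entitlements)
    report = []
    for rule_id, (a, b) in SOD_RULES.items():
        if a in classes and b in classes:
            exc = EXCEPTIONS.get((user, rule_id))
            if exc and exc["valid_until"] >= today:
                report.append({"rule": rule_id, "status": "excepted",
                               "approved_by": exc["approved_by"]})
            else:
                report.append({"rule": rule_id, "status": "violation"})
    return report


if __name__ == "__main__":
    conflicting = {"SAP:PO_CREATE", "SAP:PO_APPROVE", "SAP:FI_DISPLAY"}
    print("bob  :", violations("bob", conflicting, date(2025, 6, 1)))
    print("carol:", violations("carol", conflicting, date(2025, 6, 1)))
    print("carol:", violations("carol", conflicting, date(2026, 1, 15)))
```

Classifying entitlements rather than listing conflicting entitlement pairs directly is what keeps the rule set small: a new SAP transaction only needs a class assignment, and every existing rule applies to it immediately.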
The suspension and unsuspension of user accounts are basic functions of an IAM system.
Suspension: A user account is deactivated to temporarily prevent access to systems and data without deleting the account. This typically occurs in the case of temporary absences (e.g., vacation, parental leave, or sabbatical), investigations, or non-compliance with policies. The IAM system ensures that the locked user can no longer access systems or data, but retains the configuration and account records that are important in the event of an audit.
Unsuspension: After review and approval, the account can be reactivated, giving the user access to the assigned resources again. IAM systems ensure that this process is traceable, controlled, and audit-proof.
Emergency Suspension: This is an escalation level above regular suspension. It ensures that affected accounts immediately lose all access rights. Again, all data necessary for an audit, as well as historical data on the user, is retained.
The Software Bill of Materials (SBOM) is a detailed, hierarchical list of all the components, dependencies and libraries (including open source, third-party and proprietary code) that make up a software application. It serves as a comprehensive inventory that provides transparency into the software supply chain.
Key purposes of an SBOM
Transparency: Identifies all software components to understand what is included in an application.
Security: Lets organizations cross-reference components against vulnerability databases such as CVE (Common Vulnerabilities and Exposures) and remediate affected versions.
Compliance: Ensures adherence to licensing requirements for open-source or third-party components.
Risk Management: Supports monitoring and managing risks associated with the software supply chain.
The significance of SBOMs in modern IT
SBOMs are becoming increasingly important, mainly because of the growing number of software supply chain attacks and new regulatory requirements such as US Executive Order 14028 (Improving the Nation’s Cybersecurity), which requires suppliers of software to the US federal government to provide an SBOM.
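The purposes listed above (transparency, vulnerability matching, licence compliance) are what a consumer of an SBOM actually does with it. The following added example in Python, not code from the page, walks a small CycloneDX JSON document (constructed inline) including a nested component, matches each component's package URL (purl) and version against an advisory list, inventories licences, and flags components whose version is missing and can therefore not be matched at all. The advisory identifiers and affected versions are hypothetical and made up for this example.

```python
"""Consume a CycloneDX SBOM: vulnerability matching, licences, unpinned components."""
import json

# Constructed CycloneDX 1.5 document for the example (not a real product's SBOM).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {"component": {"type": "application", "name": "order-service", "version": "3.2.0"}},
  "components": [
    {"type": "library", "name": "express", "version": "4.18.2",
     "purl": "pkg:npm/express@4.18.2", "licenses": [{"license": {"id": "MIT"}}],
     "components": [
       {"type": "library", "name": "cookie", "version": "0.5.0",
        "purl": "pkg:npm/cookie@0.5.0", "licenses": [{"license": {"id": "MIT"}}]}
     ]},
    {"type": "library", "name": "lodash", "version": "4.17.20",
     "purl": "pkg:npm/lodash@4.17.20", "licenses": [{"license": {"id": "MIT"}}]},
    {"type": "library", "name": "acme-authlib", "version": "2.1.0",
     "purl": "pkg:generic/acme-authlib@2.1.0", "licenses": [{"license": {"name": "Proprietary"}}]},
    {"type": "library", "name": "legacy-xml-utils",
     "purl": "pkg:generic/legacy-xml-utils", "licenses": [{"license": {"id": "GPL-3.0-only"}}]}
  ]
}
"""

# Hypothetical advisories, constructed for the example: versions below `fixed`
# are treated as affected. Real data would come from CVE/OSV/vendor feeds.
ADVISORIES = [
    {"id": "EXAMPLE-2020-0001", "purl": "pkg:npm/lodash", "fixed": "4.17.21"},
    {"id": "EXAMPLE-2022-0002", "purl": "pkg:npm/cookie", "fixed": "0.4.0"},
]


def parse_version(version):
    """Turn '4.17.20' (or '1.2.3-beta') into a comparable tuple of ints."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def purl_name(purl):
    """Strip version, qualifiers and subpath from a purl: 'pkg:npm/lodash@4.17.20' -> 'pkg:npm/lodash'."""
    return purl.split("?")[0].split("#")[0].rsplit("@", 1)[0]


def walk_components(components):
    """CycloneDX allows components to nest; yield every component depth-first."""
    for comp in components:
        yield comp
        yield from walk_components(comp.get("components", []))


def load_components(sbom_text):
    return list(walk_components(json.loads(sbom_text).get("components", [])))


def find_vulnerable(sbom_text, advisories=ADVISORIES):
    """Return (name, version, advisory id) for every component an advisory covers."""
    hits = []
    for comp in load_components(sbom_text):
        version = comp.get("version")
        if not version:
            continue  # cannot be matched; reported by find_unpinned instead
        name = purl_name(comp.get("purl", ""))
        for adv in advisories:
            if adv["purl"] == name and parse_version(version) < parse_version(adv["fixed"]):
                hits.append((comp["name"], version, adv["id"]))
    return hits


def find_unpinned(sbom_text):
    """Components without a version: a gap in the inventory, not a clean result."""
    return [c["name"] for c in load_components(sbom_text) if not c.get("version")]


def license_inventory(sbom_text):
    """Map licence id (or free-text name) to the components that carry it."""
    inventory = {}
    for comp in load_components(sbom_text):
        for entry in comp.get("licenses", []):
            lic = entry.get("license", {})
            key = lic.get("id") or lic.get("name") or "UNKNOWN"
            inventory.setdefault(key, []).append(comp["name"])
    return inventory


if __name__ == "__main__":
    print("vulnerable:", find_vulnerable(SBOM_JSON))
    print("unpinned:", find_unpinned(SBOM_JSON))
    print("licences:", license_inventory(SBOM_JSON))
```

Matching on the purl rather than on the display name avoids false matches between packages that share a name across ecosystems, and the unpinned report matters because a component without a version silently passes every vulnerability check.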
SOAP (Simple Object Access Protocol) is a messaging protocol with strict rules for message structure; its messages are always XML. It is often used in enterprise environments that require high security, reliability and advanced features such as transactions.
A target system is a system or application whose accounts and permissions can be controlled through Identity and Access Management. For fully integrated target systems, communication between the system and Garancy is bidirectional: Garancy can read the authorization data held in the application and can also grant or withdraw authorizations in the target system.
A user is a unique identity registered within a system to enable access to resources, services, and data. This identity is used for authentication and authorization and is linked to specific roles and permissions.
The term user includes:
Human users, such as employees, partners, or external users
Non-human users, such as technical identities, services or applications that require automated access to systems.
Each user can have one or more accounts, which grant access to different systems or permission sets, depending on the specific use case.
The user lifecycle consists of the phases that a user’s digital identity goes through within an organization. Typically, the phases are categorized as:
Joiner (onboarding)
Mover (role or position change)
Leaver (offboarding)
Effective management of the user lifecycle is crucial to maintaining security, ensuring compliance and optimizing operational efficiency. Each phase requires specific actions within the IAM system to adequately manage user identities and access rights.
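The lifecycle phases above and the suspension states described earlier (suspension, unsuspension, emergency suspension) are easiest to see as one state model over an account. The following is an added example in Python, not code from the page or from any IAM product; the role catalogue, the department-to-role mapping and the users are constructed for the illustration. A joiner receives the entitlements implied by their roles, a mover is reconciled so that entitlements of the old role are revoked rather than accumulated, a leaver loses everything and the account is disabled, and the two suspension variants differ in whether the entitlement configuration is retained. Every change is appended to an audit history that is never cleared.

```python
"""Joiner / mover / leaver reconciliation and suspension states (added example)."""
from dataclasses import dataclass, field

# Constructed role catalogue: role -> entitlements in target systems.
ROLE_ENTITLEMENTS = {
    "baseline": {"mail", "intranet", "vpn"},
    "finance-analyst": {"erp_read", "erp_post_journal"},
    "engineer": {"git", "ci", "staging_ssh"},
}

# Constructed birthright rule: department attribute -> roles.
DEPARTMENT_ROLES = {
    "finance": ["baseline", "finance-analyst"],
    "engineering": ["baseline", "engineer"],
}


@dataclass
class Account:
    user: str
    department: str
    state: str = "active"  # active | suspended | emergency_suspended | disabled
    entitlements: set = field(default_factory=set)
    history: list = field(default_factory=list)  # audit trail, never cleared

    def log(self, action, detail):
        self.history.append((action, detail))


def target_entitlements(department):
    """Entitlements the role model says an identity in `department` should hold."""
    roles = DEPARTMENT_ROLES.get(department, ["baseline"])
    return set().union(*(ROLE_ENTITLEMENTS[r] for r in roles))


def reconcile(acct):
    """Align held entitlements with the role model; returns (granted, revoked)
    so the caller can push exactly those changes to the target systems."""
    target = target_entitlements(acct.department)
    granted, revoked = target - acct.entitlements, acct.entitlements - target
    acct.entitlements = set(target)
    if granted or revoked:
        acct.log("reconcile", {"granted": sorted(granted), "revoked": sorted(revoked)})
    return granted, revoked


def joiner(user, department):
    acct = Account(user, department)
    acct.log("joiner", department)
    reconcile(acct)
    return acct


def mover(acct, new_department):
    """Role change: old-role entitlements are revoked, not carried along."""
    acct.log("mover", f"{acct.department} -> {new_department}")
    acct.department = new_department
    return reconcile(acct)


def leaver(acct):
    revoked = set(acct.entitlements)
    acct.entitlements.clear()
    acct.state = "disabled"
    acct.log("leaver", sorted(revoked))
    return revoked


def suspend(acct, reason):
    """Regular suspension: login blocked, entitlement configuration retained."""
    if acct.state != "active":
        raise ValueError(f"cannot suspend account in state {acct.state}")
    acct.state = "suspended"
    acct.log("suspend", reason)


def emergency_suspend(acct, reason):
    """Escalation: all access rights are removed immediately; history is kept."""
    revoked = set(acct.entitlements)
    acct.entitlements.clear()
    acct.state = "emergency_suspended"
    acct.log("emergency_suspend", {"reason": reason, "revoked": sorted(revoked)})
    return revoked


def unsuspend(acct, approver):
    """Reactivation after review; entitlements stripped by an emergency
    suspension are rebuilt from the role model, not restored blindly."""
    if acct.state not in ("suspended", "emergency_suspended"):
        raise ValueError(f"cannot unsuspend account in state {acct.state}")
    was_emergency = acct.state == "emergency_suspended"
    acct.state = "active"
    acct.log("unsuspend", approver)
    if was_emergency:
        reconcile(acct)


def can_access(acct, entitlement):
    """Runtime decision: only active accounts exercise their entitlements."""
    return acct.state == "active" and entitlement in acct.entitlements


if __name__ == "__main__":
    a = joiner("dana", "finance")
    print(mover(a, "engineering"))          # granted engineer set, revoked finance set
    suspend(a, "parental leave")
    print(can_access(a, "git"))             # False while suspended, entitlement retained
    unsuspend(a, "line manager")
    print(can_access(a, "git"))             # True again
    print(leaver(a), a.state)
```

The point of routing the mover through the same reconcile function as the joiner is that stale entitlements cannot survive a role change, which is the classic source of privilege creep that access reviews otherwise have to catch after the fact.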
Verification refers to the process of confirming that a user, device or application is who or what it claims to be, usually as part of authentication. It establishes that the entity requesting access is legitimate before any authorization decision is made. Verification methods include passwords, multi-factor authentication (MFA) and biometrics.
The YubiKey is a hardware authentication device developed by Yubico that supports multi-factor authentication (MFA). It is often used in IAM systems to enhance security by providing a physical token for one-time passwords (OTPs), public key infrastructure (PKI) credentials or FIDO2/WebAuthn authentication.
Zero Trust is a security concept based on the principle “Never trust, always verify”. It assumes that threats can come from anywhere, from both inside and outside your network. Therefore, every access request must be authenticated, authorized and continuously validated before access to resources is granted. Identity and Access Management is crucial to implementing the Principles of Zero Trust, as the IAM system manages and controls access to resources.