Identity and Access Management

A framework of policies, processes, and technologies that ensures the right individuals and machines have the appropriate access to the right resources at the right times for the right reasons, encompassing authentication, authorization, governance, and lifecycle management.

Author: Unihackers Team

Why It Matters

Identity is the new perimeter. As organizations adopt cloud, mobile, and remote work, traditional network-based defenses no longer contain the threat. Verizon's Data Breach Investigations Report consistently shows credential compromise as the leading cause of breaches: attackers do not break in, they log in.

A robust IAM program reduces breach risk, supports compliance with regulations like SOX, HIPAA, and GDPR, enables secure remote work, and is foundational to Zero Trust architecture.

Core IAM Components

Authentication

Verifying identity through one or more factors:

  • Something you know: passwords, PINs
  • Something you have: hardware tokens, mobile devices
  • Something you are: biometrics
  • Somewhere you are: location/IP context

Modern authentication relies on multi-factor authentication, passwordless methods (passkeys, FIDO2), and risk-based adaptive policies.

Authorization

Deciding what an identity is allowed to do:

Model  Decision Basis       Use Case
RBAC   Predefined roles     Most enterprises
ABAC   Attributes/policies  Complex/dynamic
ReBAC  Relationships        Sharing platforms
PBAC   Centralized policy   Zero Trust

Identity Governance and Administration (IGA)

Managing the identity lifecycle: provisioning at hire, role changes during tenure, deprovisioning at termination, periodic access reviews, and segregation of duties enforcement.

Privileged Access Management (PAM)

Special protection for high-risk accounts through credential vaulting, just-in-time elevation, session recording, and approval workflows.

Federation and SSO

Single Sign-On using SAML, OAuth 2.0, and OpenID Connect to enable one identity across many applications without repeated logins.

Key Protocols

SAML 2.0  - Enterprise SSO between IdP and SP
OAuth 2.0 - Delegated authorization (access tokens)
OIDC      - Authentication layer on OAuth 2.0 (ID tokens)
SCIM      - Identity provisioning across systems
LDAP      - Directory protocol (legacy, still common)
Kerberos  - Windows domain authentication
WebAuthn  - Phishing-resistant passwordless

Best Practices

  1. Enforce MFA universally, prioritizing phishing-resistant methods like FIDO2/passkeys.
  2. Adopt SSO to reduce password sprawl and centralize policy.
  3. Apply least privilege and review entitlements quarterly.
  4. Use just-in-time access for sensitive operations.
  5. Monitor identity signals in your SIEM for impossible travel, brute force, and token theft.
  6. Automate joiner/mover/leaver workflows to prevent orphan accounts.
  7. Treat service accounts like human accounts with rotation and monitoring.
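
The identity-signal monitoring in practice 5, as an added example that is not from the original page or from any vendor's product: it flags impossible travel and brute force over constructed sign-in events. The event layout, the thresholds, and the function names are assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them to your own environment.
MAX_KMH = 900                       # roughly airliner cruise speed
MIN_KM = 50                         # ignore IP-geolocation jitter
FAIL_THRESHOLD, FAIL_WINDOW = 5, timedelta(minutes=5)

# Constructed sign-in events: (user, UTC time, lat, lon, outcome).
# The field layout is an assumption, not a specific IdP or SIEM schema.
EVENTS = [
    ("alice", "2025-03-01T08:00:00", 40.4168, -3.7038, "success"),   # Madrid
    ("alice", "2025-03-01T09:00:00", 40.7128, -74.0060, "success"),  # New York
    ("bob",   "2025-03-01T08:00:00", 51.5074, -0.1278, "success"),   # London
    ("bob",   "2025-03-01T12:00:00", 48.8566, 2.3522, "success"),    # Paris
] + [("carol", f"2025-03-01T10:0{m}:00", 52.52, 13.405, "failure") for m in range(5)]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def detect(events):
    """Return (rule, user, time) alerts for impossible travel and brute force."""
    alerts, last_ok, fails = [], {}, defaultdict(list)
    for user, ts, lat, lon, outcome in sorted(events, key=lambda e: e[1]):
        t = datetime.fromisoformat(ts)
        if outcome == "failure":
            # Keep only this user's failures that fall inside the sliding window.
            fails[user] = [f for f in fails[user] if t - f <= FAIL_WINDOW] + [t]
            if len(fails[user]) == FAIL_THRESHOLD:  # alert when first reached
                alerts.append(("brute_force", user, ts))
            continue
        if user in last_ok:
            t0, lat0, lon0 = last_ok[user]
            km = haversine_km(lat0, lon0, lat, lon)
            hours = (t - t0).total_seconds() / 3600
            # Speed needed between two successful sign-ins exceeds the ceiling.
            if km > MIN_KM and (hours == 0 or km / hours > MAX_KMH):
                alerts.append(("impossible_travel", user, ts))
        last_ok[user] = (t, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Corporate VPN egress points and mobile-carrier gateways can make legitimate sign-ins look distant, so an allowlist of known egress locations is usually needed before alerting on the travel rule.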

Common Threats

Leading Vendors

  • Workforce IAM: Microsoft Entra ID, Okta, Ping Identity, JumpCloud
  • Customer IAM (CIAM): Auth0, Okta, ForgeRock, Stytch
  • PAM: CyberArk, BeyondTrust, Delinea
  • IGA: SailPoint, Saviynt, Microsoft Entra ID Governance