What Is Identity & Access Management?
The term “identity and access management” (IAM) does not describe a precisely defined field of activities. The functions IAM software is expected to provide are generally derived from the feature sets of current market products. Some of the fields covered by IAM include:
- Identity federation: how identities can be used across technological boundaries, e.g. between different companies or between local IT systems and the cloud.
- Single sign-on: this feature, also known as “SSO”, allows users to authenticate themselves just once and then use this authentication for a variety of systems, thereby eliminating the need for multiple logins.
- Provisioning: the process of automatically creating and/or assigning resources, such as user accounts and access rights, based on workflows and policies.
- Workflows: in IAM, workflows are used to control processes. There is usually a distinction between approval workflows (in which data owners grant access to certain data) and provisioning workflows (technical processes that are orchestrated to provide certain resources).
- Role-based access: with a role-based access system, IAM enables users to obtain the access rights they need automatically and lose them again once they are no longer needed. This is based (among other things) on the company’s structure, i.e. the users’ departments, locations or job positions.
- Self-service: as the name suggests, a self-service feature allows users to request services on their own. This may include anything from access rights requests, to changing user data, to resetting passwords.
IAM is not a clearly defined term. It comprises a multitude of possible functions for controlling user accounts and access rights.
What Is User Lifecycle Management?
User lifecycle management can be understood as one feature included in identity & access management. ULM overlaps with provisioning and workflow functions. The term is fairly self-explanatory: It is about managing the life cycles of users. A user’s lifecycle begins when the user joins the company and ends when the user leaves. Along with other IAM functions, ULM ensures that users are always equipped with the necessary user accounts and access rights throughout their time at the organization. User lifecycle management is an integral component of IAM (and not a specific module that can be switched on or off) and ensures that:
- User identities are created
- Access rights are assigned or revoked
- User accounts are deactivated
ULM is often directed by third-party systems. The events in a user lifecycle (entry, data changes, transfer or leaving) are often transmitted automatically via an interface between a personnel management system (HR software) and the IAM system.
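The lifecycle described above, sketched as an added example (not code from any IAM product): HR events drive identity creation, role-based granting and revoking of rights, and deactivation. The role policy, event field names and right names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
ROLE_POLICY = {  # hypothetical policy: (attribute, value) -> access rights it implies
    ("department", "finance"): {"erp-finance", "share-finance"},
    ("department", "engineering"): {"git", "ci"},
    ("position", "manager"): {"hr-approvals"},
}

@dataclass
class Account:
    attrs: dict
    active: bool = True
    rights: set = field(default_factory=set)

def entitled(attrs):
    return set().union(*(ROLE_POLICY.get(item, set()) for item in attrs.items()))

def apply_event(directory, event):
    """Apply one HR event to the directory; return audit tuples (action, user, right)."""
    kind, uid = event["type"], event["user_id"]
    if kind not in ("entry", "change", "transfer", "leave"):
        raise ValueError(f"unsupported event type {kind!r}")
    actions = []
    if kind == "entry":
        if uid in directory:
            raise ValueError(f"identity {uid!r} already exists")
        directory[uid] = Account(attrs={})
        actions.append(("create", uid, None))
    acct = directory[uid]  # KeyError: event for an identity HR never announced
    if kind == "leave":
        acct.active = False
        actions.append(("deactivate", uid, None))
        target = set()  # a leaver keeps no rights
    else:
        if not acct.active:
            raise ValueError(f"{uid!r} is deactivated")
        acct.attrs.update(event["attrs"])
        target = entitled(acct.attrs)  # recomputed from scratch, never accumulated
    actions += [("revoke", uid, r) for r in sorted(acct.rights - target)]
    actions += [("grant", uid, r) for r in sorted(target - acct.rights)]
    acct.rights = target
    return actions

# Constructed sample feed: one user joins, transfers, is promoted, then leaves.
EVENTS = [
    {"type": "entry", "user_id": "u1", "attrs": {"department": "finance", "position": "clerk"}},
    {"type": "transfer", "user_id": "u1", "attrs": {"department": "engineering"}},
    {"type": "change", "user_id": "u1", "attrs": {"position": "manager"}},
    {"type": "leave", "user_id": "u1"},
]
```

Because the target rights are recomputed from the current attributes on every event, the transfer revokes the finance rights in the same step that grants the engineering ones, so rights from earlier positions do not accumulate.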
What Is Identity & Access Management Software?
Identity and access management systems belong in the category of IT security products. Identity & access management software usually models some or all of the aforementioned features and functionalities. Sometimes, these solutions will consist of several products, each of which models specific functions. The solutions are intertwined to some extent.
Vendors often use different products for:
- Central management of user data (in the past, this would be in so-called “meta-directories” based on outdated directory services)
- Workflows and provisioning (in the form of proprietary workflow designers and connectors)
- Access management (various functions for managing user privileges, so-called “access governance products”)
- Access management for so-called “unorganized data” on file servers or in collaboration solutions, like SharePoint
Solutions that are able to model all of these features in one product offer significant advantages:
- All data is available and up-to-date at all times and there is no need to synchronize data between different products (less risk of errors).
- The user interface and all terms used are uniform. This makes it easier for users to understand the solution.
- Users only have to learn how to use one application. Solutions that consist of several products require users to complete multiple training courses.
Identity & access management solutions model the possible functions of IAM. The solution stack of many providers is based on several independent products. Solutions that are able to model all functions in one product are of particular advantage.