IAM explained

Emoke Laszlo

February 06, 2020

Hi, my name is Emőke, I am currently studying at the “Babes-Bolyai” University and at the same time I am running my internship at COERA... my first time in an IT company.

As a non-IT person, I struggle with all the abbreviations and the strange language of my IT colleagues, so I decided to share with you what I’ve learned.


What’s the difference between IAM and a bouncer?


This post will explain the basics of IAM. What is that?

Identity and Access Management (IAM) is all about managing identities, profiles, consents and access rights in the cloud ecosystem. An identity can be a reflection of a human: an employee (IAM) or a customer (CIAM), or even of an object (think about smart home appliances, cars etc.).

IAM WORKS BASED ON THE NEXT THREE STEPS

The first step is to obtain a digital identity. How this happens varies from organization to organization: you may create your own digital ID by registering with your e-mail address or phone number.

The second step is authentication. For example, as an employee of a company, you need access to certain applications to do your job. When you access those applications, they ask the Access Management System to verify your authentication credentials, just like the bouncer in front of a club checks whether you are on the list, making sure that no one gets in (accesses information) without permission.

IAM basically makes it possible to access all the apps and information with a single login, but unlike a bouncer, IAM will remember you.

Imagine repeating this same process every time you log in to each of the apps you use: it would be time-consuming. So what the IAM system additionally does is link together all the apps you use. You only have to log in once to get access to all the tools you need; this is called Single Sign-On (SSO).

Taking this a step further, imagine how complicated it could be for the system administrator to make sure that every new employee gets access to the information they need. Furthermore, what happens when someone leaves the company?

The third step is authorization. To simplify the access management process, the administrator can create “Roles” in the system; these roles are the digital counterpart of a role in the company, for example accountant or developer. Assigning such a role to an employee means that the employee is granted access to all the applications they need, with the appropriate authorization (e.g. a developer will only see tickets related to the projects she/he is assigned to). When a new employee is enrolled in the system (getting their digital ID) they are automatically linked to a “role” (based on their job description) and, through it, to the assigned applications.

Also part of authorization is the removal procedure: when someone leaves the company, their ID and related authorizations are deleted, meaning no more access to company applications.
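To make the three steps and the removal procedure concrete, here is a small added example (not code from the post or from COERA): a toy identity directory where registration creates the identity, authentication checks a password hash, authorization is derived from the assigned role, and deleting the identity revokes every application at once. The role and application names are made up for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed mapping: each role is the digital counterpart of a job
# and carries the set of applications that job needs.
ROLE_APPS = {
    "accountant": {"ledger", "payroll"},
    "developer": {"ticketing", "source-control"},
}


class IdentityDirectory:
    """Toy IAM store: identities, their credentials and their roles."""

    def __init__(self):
        self._users = {}  # email -> {"salt", "hash", "roles"}

    @staticmethod
    def _hash(password, salt):
        # Slow, salted hash so a leaked store does not expose passwords.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    # Step 1: obtain a digital identity (registration with e-mail + password).
    def register(self, email, password, roles=()):
        salt = secrets.token_bytes(16)
        self._users[email] = {"salt": salt,
                              "hash": self._hash(password, salt),
                              "roles": set(roles)}

    # Step 2: authentication, the bouncer checking the list.
    # Unknown users and wrong passwords both fail, and the hash is computed
    # either way so the response time does not reveal which accounts exist.
    def authenticate(self, email, password):
        user = self._users.get(email)
        salt, stored = (user["salt"], user["hash"]) if user else (bytes(16), bytes(32))
        ok = hmac.compare_digest(stored, self._hash(password, salt))
        return email if (ok and user) else None

    # Step 3: authorization, granted through the role rather than per app.
    def can_access(self, email, app):
        user = self._users.get(email)
        if user is None:
            return False
        return any(app in ROLE_APPS.get(role, set()) for role in user["roles"])

    # Removal: deleting the identity takes all application access with it.
    def remove(self, email):
        self._users.pop(email, None)
```

Because access is computed from the role at check time, offboarding is a single deletion rather than a per-application cleanup, which is the point the removal procedure above makes.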

It is somewhat similar to logging in to Instagram with your Facebook account – this way you don’t have to create hundreds of usernames and remember hundreds of passwords, and you can manage all your accounts from Facebook (you can disconnect them from Facebook as well). Creating, updating and deleting identities (including their login credentials and role assignments) is called Identity Management, while authentication and authorization are often referred to as Access Management.


This is all I’ve got for you today, see you next time when we continue to explore the world behind!