Identity and Access Management (IAM) is a foundational element of cybersecurity today. In the early days of computing, user accounts constituted identity and group membership was used to manage access. In the decades since, the concepts, principles, and technologies of IAM have evolved and become increasingly specialized. User accounts and group memberships are still important constructs, but the tools for authenticating, authorizing, auditing, and protecting identities have proliferated.
As a set of technologies, IAM encompasses user and entitlement provisioning, identity repositories, authentication mechanisms, authorization systems, web access management (WAM), federation and Single Sign-On (SSO), identity governance, access reconciliation, risk management, and many interfaces to other security systems.
Many of the components of IAM have become standardized and even commoditized. To interoperate with other solutions and be successful in the marketplace, IAM products generally support the following standards:
- Provisioning: SCIM
- User identity storage: LDAP
- Authentication: Kerberos, RADIUS, PKI/x.509 including SmartCards, FIDO U2F and UAF, and more
- Federation: SAML, OAuth, OpenID, OpenID Connect
- Authorization: XACML and UMA (User Managed Access)
While it is still somewhat new, UMA, a Kantara Initiative standard, provides a framework to obtain consent from users how their information can be used. As organizations prepare to comply with the EU General Data Protection Regulation (GDPR), UMA will become an increasingly important standard and feature set in IAM solutions.
ForgeRock Access Management is one component of the ForgeRock Identity Platform, their full suite of integrated identity management tools. In addition to ForgeRock Access Management, the ForgeRock Identity Platform includes Common Services (REST APIs, UI, scripting), User Managed Access, ForgeRock Identity Management (provisioning, password management, workflow), ForgeRock Identity Gateway (federation), and ForgeRock Directory Services. ForgeRock Access Management integrates seamlessly with the other products in the suite through the common administrative UI.
ForgeRock is a leading, venture-backed IAM vendor, headquartered in the US but with many offices around the world. ForgeRock was founded in 2010 by former Sun Microsystems employees after the Oracle acquisition. The codebase has evolved significantly since then, and now supports many of the latest identity management and federation standards.