Identity and Access Management (IAM) is a foundational element of cybersecurity today.
As a set of technologies, IAM encompasses user and entitlement provisioning, identity repositories, authentication mechanisms, authorization systems, web access management (WAM), federation and Single Sign-On (SSO), identity governance, access reconciliation, risk management, and many interfaces to other security systems.
Commonly, IAM is split into three major parts:
- Identity Management: The management of identity lifecycles and their governance. This is commonly referred to as Identity Provisioning (Lifecycle Management) and Access Governance, or as IGA (Identity Governance and Administration),
- Access Management: Enabling access of users, i.e. supporting authentication, identity federation, and authorization.
- Privileged Access Management (PAM): These technologies focus on highly privileged users and the specific requirememts around these users, plus shared accounts. Capabilities include management of passwords for shared accounts and of privileged user sessions.
Many of the components of IAM have become standardized and even commoditized. To interoperate with other solutions and be successful in the marketplace, IAM products generally support the following standards:
- Provisioning: SCIM
- User identity storage: LDAP
- Authentication: Kerberos, RADIUS, PKI/x.509 including SmartCards, FIDO U2F/UAF/2.0, W3C WebAuthn, and more
- Federation: OAuth, OpenID, OpenID Connect (OIDC), and SAML
- Authorization: JSON, JWT, UMA, and XACML
Access Management, also referred to as Web Access Management & Identity Federation, as one of the major disciplines is focused on providing access for users to services. They can deliver a SSO (Single Sign-On) experience to users, by authenticating the users on behalf of the target applications.
Integration can work either via standards for identity federatin or – for legacy web applications that do not support modern identity federation standards – with methods such as password injection and providing authentication information as part of modified https headers. Authentication should integrate with the authentication standards listed above.
Access Management should support a range of applications from modern SaaS services to legacy web applications. While deployment models are shifting towards cloud-based delivery of Access Management, there is still a need and place for on premises solutions, specifically for B2E and B2B use cases, or B2C use cases that work against backend systems within the enterprise.
A specific requirement for all types of Access Management is scalability and high availability. Access of users to services depends on the availability of these services, and specifically in B2C scenarios, massive workloads and peaks can arise.
Atos is one of the vendors of Access Management solutions, with their DirX Access offering. DirX Access is a proven, mature solution that has been consequently enhanced by new features, supporting all major use cases. While being an on premises solution, Atos as one of the leading IT service providers also can provide MSP-style deployments.