
Identity Management Services & 7 Key IAM Fundamentals

by Bob Giguere | December 13, 2024


What is Identity and Access Management (IAM)?

IAM solutions and software are created by identity management vendors like Ping Identity, SailPoint, or Okta.

These IAM solutions have led the digital transformation for many years now. The focus is on employee productivity: getting digital assets assigned when a new user is hired, setting up the basic identity information associated with users, and managing users' passwords.

The solutions deliver what is called lifecycle management.

Lifecycle Management - the process of managing users’ identities and evolving access privileges of employees and contractors throughout their tenure with your organization.

Now that we understand the basics of IAM solutions and services, let's define the seven components of IAM that help organizations manage user identities.

1. Identity Management Implementations

These identity management solutions are the first piece of the puzzle to ensure user access is securely provisioned and that all identities at an organization have the proper user access rights. Identity management systems have built-in workflows to empower users with self-service capabilities for things like application access requests.

In this space, there are excellent products and some to avoid like Oracle identity management, which is too complicated to implement and comes with large operational overhead costs. An identity managed service provider like GCA can guide you through software selection.

2. Access Management

Access management solutions deliver identity security at their core. These identity platforms manage which users can access which applications, ensuring only the right people can see sensitive data. This is an essential part of the zero trust model.

With access management, security risks can be evaluated and data breaches are significantly reduced using identity intelligence and real-time identity analytics.

3. Multi-Factor Authentication

Multi-factor authentication is another big-ticket improvement for organizations. Secure access starts with the proper mechanisms of managing access. Login credentials are very easy for hackers to obtain—69% of small businesses do not strictly enforce password policies. Multi-factor authentication can prevent a hacker from gaining access to your systems even if they have valid login credentials.

4. Single Sign-On

The basic setup of access management solutions is to have an identity provider, which is a central repository of users, efficiently manage access to web apps and on-prem solutions. This can be a cloud-based service that enforces strong authentication or adaptive authentication as needed.

These tools allow the authentication process to be modified depending on the network resources being accessed.

In the zero trust framework, huge benefits are realized when identity management systems are connected with access management. Users' access can be checked in identity management, triggered by the access management system.

Example: If a user does not have Salesforce access according to the identity management system, then the access management solution blocks the user's login request to Salesforce before it even occurs, drastically reducing organizational attack perimeters.
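The check described above, combined with the per-resource authentication requirement from earlier in this section, can be sketched as a single decision function. This is an added example, not code from GCA or any vendor; the identity records, application names and the `decide` function are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data standing in for the identity management system's
# records; user names, applications and fields are hypothetical.
IDENTITIES = {
    "alice": {"active": True, "entitlements": {"salesforce", "wiki"}},
    "bob": {"active": True, "entitlements": {"wiki"}},
    "carol": {"active": False, "entitlements": {"salesforce"}},  # offboarded
}

# Per-application authentication requirement (adaptive authentication):
# sensitive applications require a second factor.
APP_REQUIRES_MFA = {"salesforce": True, "wiki": False}


@dataclass(frozen=True)
class LoginRequest:
    user: str
    app: str
    mfa_completed: bool = False


def decide(request: LoginRequest) -> str:
    """Return 'deny', 'step_up_mfa' or 'allow' for a login request."""
    identity = IDENTITIES.get(request.user)
    # Unknown or deactivated identities never reach the application.
    if identity is None or not identity["active"]:
        return "deny"
    # Unregistered applications are denied rather than defaulting to open.
    if request.app not in APP_REQUIRES_MFA:
        return "deny"
    # Entitlement check against identity management, made before the
    # login request is forwarded to the application.
    if request.app not in identity["entitlements"]:
        return "deny"
    # The authentication strength depends on the resource being accessed.
    if APP_REQUIRES_MFA[request.app] and not request.mfa_completed:
        return "step_up_mfa"
    return "allow"


if __name__ == "__main__":
    for req in (
        LoginRequest("bob", "salesforce"),
        LoginRequest("alice", "salesforce"),
        LoginRequest("alice", "salesforce", mfa_completed=True),
        LoginRequest("carol", "salesforce", mfa_completed=True),
    ):
        print(req.user, req.app, "->", decide(req))
```

The deactivated account is denied even though its old entitlement record still lists the application, which is why the lifecycle state is checked before the entitlement.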

5. Identity Governance

Identity governance is the component of identity and access management that requires human involvement to ensure user access is correct. Typically, technology resources (like application owners) don't necessarily know who at the organization needs access to their application, and frequently managers are the better choice. That said, there are many configurable options to control who reviews access for each identity. During authentication, access management doesn't factor in the question "does this user need this access to perform their job?" In identity governance, this question is asked when managers review the access their staff has been assigned.

6. Privileged Access Management

Privileged access management (PAM) is critically important to organizations. Using PAM, organizations configure enhanced processes to secure access to sensitive information and applications. This goes beyond multi-factor authentication solutions: passwords are changed after each use, sessions are monitored, and much more. These solutions are typically on-premises. They provide a seamless authentication experience, but from a data security perspective they are significantly more robust; multiple systems are involved for a single login. Identity providers used in IAM aren't on the same identity platform as those used in PAM.

7. Solutions Review

Selecting solutions for IAM is an art and a science. The access management market has multiple vendors that deliver similar key features designed for securely adopting web applications. From an implementer's perspective, often the major difference in IAM is the API that is used to configure access management processes. In identity management solution reviews, use cases like cross-domain identity management can help drive technology decisions.

Role-based access control and data protection standards also impact related solutions and organizational fit. Is your organization's focus on user provisioning, self-service tools, single sign-on, or password management? These are just a few areas to consider when defining initiatives and comparing vendors in a solutions review.

Our tagline at GCA is "managing your digital identities," because that is precisely what we do. We are a boutique consulting firm that works in the IAM space. We deliver implementation, assessment, and managed services for organizations that require robust identity solutions.