Understanding IdM / AM / IAM / IGA
In the rapidly evolving IT environment, user management has undergone significant development over the last 10 years. Along the way, terms emerged in which one could easily get lost, and, as if that weren’t enough, the era of abbreviations began…
If you are “lost” in these acronyms, this article may help: its goal is to provide a brief overview of the terminology used in user identity management and access control.
A key area for ensuring the security and efficiency of essentially any organization is Identity and Access Management (IAM). Its name combines two concepts, that is, two main areas that are very similar and sometimes even overlap, but still differ in meaning and function. These two concepts are Identity Management (IdM), which deals with the management of each user’s attributes, and Access Management (AM), which concerns user authentication and authorization.
IdM systems handle the central management of digital identities, which are stored as records in the IdM repository, such as a relational database. Each record carries a unique attribute that ensures the uniqueness of the user. Such an attribute can be an email address, a login name, or a randomly generated string of characters. IdM consists of creating, maintaining, monitoring, activating and deactivating these identities during their operation in the corporate network.
IdM also manages roles and user authorizations. Together with other identity attributes, it can not only obtain them automatically from source systems (e.g., from the HR system) but also transfer them to other systems within the organization (provisioning).
Users most often encounter AM as a system that first verifies their identity and then decides whether to allow access to the relevant information, system, or function. The decision is based on the available information about the user and their assigned attributes, and thereby their roles. If the user has the required attributes, they are allowed access to the required content.
Confusion of these terms in practice
IAM areas are not always correctly designated. In the Czech Republic, IAM is still confused with the popular IdM designation. We have often come across an IdM system request that included single sign-on (SSO) or multifactor authentication requirements, which are AM functionalities. The basis for success must be an analysis of the functionalities that the company truly requires, according to which the areas of the proposed solution can be identified. This avoids unnecessary costs for functions that the company does not even use.
IGA - the “icing on the cake”
To make matters worse, there is also Identity Governance and Administration (IGA), an area that provides additional functionality beyond IAM. Through automated evaluation of security rules and principles, IGA helps support enterprise IT security and compliance with regulations. The primary role of IGA is to ensure that users have only the privileges that pertain to them in terms of their role and job within the organization.
The term IGA is relatively recent. It was first used in reports published by Gartner, an IS/ICT technology research and consulting firm whose analyses are essentially recognized as the standard.
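The division of responsibilities described above, as an added example that is not part of the original article: a small Python model in which IdM synchronizes identities from an HR source, AM decides on access, and IGA reports privileges that no longer match a user's role. All logins, roles and entitlement names are constructed, and the sync deliberately never revokes old grants (an assumption made so the review has something to find).

```python
# Added illustration: every login, role and entitlement below is constructed.
from dataclasses import dataclass, field

# Assumed role model: the entitlements each role is meant to carry.
ROLE_ENTITLEMENTS = {
    "accountant": {"erp:read", "erp:post-invoice"},
    "hr-clerk": {"hr:read", "hr:edit"},
}

@dataclass
class Identity:
    login: str                      # unique attribute identifying the record
    role: str
    active: bool = True
    entitlements: set = field(default_factory=set)

def idm_sync(repo, hr_records):
    """IdM: create, update and deactivate identities from the HR source system."""
    seen = set()
    for rec in hr_records:
        ident = repo.setdefault(rec["login"], Identity(rec["login"], rec["role"]))
        ident.role, ident.active = rec["role"], True
        # Provisioning grants what the new role needs but never revokes here.
        ident.entitlements |= ROLE_ENTITLEMENTS[rec["role"]]
        seen.add(rec["login"])
    for login, ident in repo.items():
        if login not in seen:
            ident.active = False    # leaver: no longer present in HR
    return repo

def am_authorize(repo, login, authenticated, entitlement):
    """AM: verify identity first, then decide access from assigned attributes."""
    ident = repo.get(login)
    return bool(authenticated and ident and ident.active
                and entitlement in ident.entitlements)

def iga_review(repo):
    """IGA: report privileges that do not pertain to the user's current role."""
    return {login: sorted(i.entitlements - ROLE_ENTITLEMENTS[i.role])
            for login, i in repo.items()
            if i.active and i.entitlements - ROLE_ENTITLEMENTS[i.role]}

def demo():
    repo = idm_sync({}, [{"login": "anovak", "role": "accountant"},
                         {"login": "bsvoboda", "role": "hr-clerk"}])
    # Next HR export: anovak has moved to HR, bsvoboda has left the company.
    return idm_sync(repo, [{"login": "anovak", "role": "hr-clerk"}])

if __name__ == "__main__":
    print(iga_review(demo()))
```

AM alone would still grant anovak the old accounting entitlements after the move, because it only evaluates what is assigned; the IGA review is the step that flags them.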
Which path will you take?
IAM helps organizations meet requirements in accordance with company regulations and helps them save money by minimizing the time it takes to resolve user account issues. Whether you decide to implement a comprehensive solution or just certain parts of IAM, we will be happy to help you with the analysis and selection of a suitable product or a suitable combination of products.