Skip Ribbon Commands Skip to main content

Identity and Access Management (IdAM) in a Nutshell

What is IdAM?

Identity and Access Management (IdAM) is the combination of technical systems, policies and processes that create, define, and govern the utilization, and safeguarding of identity information, as well as managing the relationship between an entity, and the resources to which access is needed. It can be divided into three fundamental capabilities: Manage Digital Identities, Authenticate Users, and Authorize Access to Resources.

A typical IdAM process begins when a user presents an identity credential in an attempt to access a resource. Next, an authentication decision is made based on the validity of the identity. Finally, an authorization decision is made based on the valid identity, and the user is either granted or denied access to the resource.

Manage Digital Identities

Managing digital identities provides the security and accountability for creating, defining, and trusting digital identity data. This includes the processes for uniquely identifying a user, securely binding a digital identity to a user, and managing digital identity data for use across the enterprise. Digital identity data includes user contact and organizational information and user attributes for access control. Accurate and consistent digital identity data provides the foundation for securing access to IT resources.

Authenticate Users

Authenticate users provides the verification of the the digital identity of a user. It is the digital equivalent of proving who you are. This is accomplished by submitting and validating credentials as proof of identity. Credentials typically include something you have, something you know, and/or something you are. Different types of credentials used in the DoD include a user name and password, PKI, and biometrics. Authentication provides resources a level of assurance that the users are who they claim to be.

Authorize Access to Resources

Authorize access to resources enables an authority to restrict access to resources locally or in the enterprise based on the evaluation of applicable policies. Controlling resource access is paramount to protecting private and confidential information from unauthorized users. Access can be determined by the establishment of user accounts and user roles with access permissions or through user attributes and access control policies. The authorization process typically involves a request to access a resource and an access control decision based on the security context of the transaction. The access control decision returned from this evaluation determines whether the user attempting to interact with the resource complies with the policies and governance requirements tied to its access.

IdAM